Advantages of encryption security over a simple MAC Filter?

I recently discovered that a few people are accessing the internet via
my unsecured wireless network. In my quest I found that the 64/128
bit Wep encryption is the norm...

However, what about just setting up a MAC filter?

Im probably like most users in that my network consists of just a few
wireless devices... why do most people use encryption (
WAP(2)/Radius/Wep ) instead of just manually listing the permitted MACs
that can access the wireless network.

I can see for a big business with many computers this would be too time
consuming, but for home or small office wouldnt a MAC filter be the
MOST secure and have the LEAST latency associated with it?? Why isnt
this option ever mentioned?

Thoughts??

On 27 Aug 2006 01:14:47 -0700, benn686@hotmail.com wrote in
<1156666487.329240.221810@m79g2000cwm.googlegroups .com>:

>I recently discovered that a few people are accessing the internet via
>my unsecured wireless network. In my quest I found that the 64/128
>bit Wep encryption is the norm...

It's actually too weak to be terribly effective.

>However, what about just setting up a MAC filter?

Too easily spoofed to be of any real value.

>Im probably like most users in that my network consists of just a few
>wireless devices... why do most people use encryption (
>WAP(2)/Radius/Wep ) instead of just manually listing the permitted MACs
>that can access the wireless network.

Because WPA really works, and MAC filtering doesn't.

>I can see for a big business with many computers this would be too time
>consuming, but for home or small office wouldnt a MAC filter be the
>MOST secure and have the LEAST latency associated with it?? Why isnt
>this option ever mentioned?

Because it's of so little value.

>Thoughts??

Read the wikis below.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>

On 27 Aug 2006 01:14:47 -0700, benn686@hotmail.com wrote:

> I recently discovered that a few people are accessing the internet via
> my unsecured wireless network. In my quest I found that the 64/128
> bit Wep encryption is the norm...
>
> However, what about just setting up a MAC filter?
>
> Im probably like most users in that my network consists of just a few
> wireless devices... why do most people use encryption (
> WAP(2)/Radius/Wep ) instead of just manually listing the permitted MACs
> that can access the wireless network.
>
> I can see for a big business with many computers this would be too time
> consuming, but for home or small office wouldnt a MAC filter be the
> MOST secure and have the LEAST latency associated with it?? Why isnt
> this option ever mentioned?
>
> Thoughts??

Without encryption your traffic can be intercepted (think passwords etc...)
And a potential abuser can sit within range and easily gain a list of your
mac addresses that are used.. and simply kick one of your devices off the
wifi network and use the mac address for himself.. called spoofing.

WEP (64 or better) has been proven to be ineffective and easily cracked.
WPA or WPA2 (if supported) should be considered the bare minimum.

It's a shame manufacturers are still making wifi enabled devices with only
WEP support!

On Sun, 27 Aug 2006 10:36:35 GMT, Doz <Doz@Doz.Doz> wrote in
<3kvs8hhb9ttt$.jyfaqrewbrjo$.dlg@40tude.net>:

>WEP (64 or better) has been proven to be ineffective and easily cracked.
>WPA or WPA2 (if supported) should be considered the bare minimum.

Yep.

>It's a shame manufacturers are still making wifi enabled devices with only
>WEP support!

I'd call it a crime.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>

On Sun, 27 Aug 2006 01:14:47 -0700, benn686 wrote:

> I recently discovered that a few people are accessing the internet via my
> unsecured wireless network. In my quest I found that the 64/128 bit Wep
> encryption is the norm...
>
> However, what about just setting up a MAC filter?
>
> Im probably like most users in that my network consists of just a few
> wireless devices... why do most people use encryption ( WAP(2)/Radius/Wep
> ) instead of just manually listing the permitted MACs that can access the
> wireless network.
>
> I can see for a big business with many computers this would be too time
> consuming, but for home or small office wouldnt a MAC filter be the MOST
> secure and have the LEAST latency associated with it?? Why isnt this
> option ever mentioned?
>
> Thoughts??

MAC addresses can be spoofed. So, encryption is the better way to go. I
recommend WPA instead of WEP.

On 27 Aug 2006 01:14:47 -0700, in alt.internet.wireless ,
benn686@hotmail.com wrote:

>However, what about just setting up a MAC filter?

Useless.

>Im probably like most users in that my network consists of just a few
>wireless devices... why do most people use encryption (
>WAP(2)/Radius/Wep ) instead of just manually listing the permitted MACs
>that can access the wireless network.

Because its extremely easy to change the MAC of your computer to match
one of the permitted ones.

>I can see for a big business with many computers this would be too time
>consuming, but for home or small office wouldnt a MAC filter be the
>MOST secure and have the LEAST latency associated with it?? Why isnt
>this option ever mentioned?

Because its more or less useless, by itself.
--
Mark McIntyre

> I can see for a big business with many computers this would be too time
> consuming, but for home or small office wouldnt a MAC filter be the
> MOST secure and have the LEAST latency associated with it?? Why isnt
> this option ever mentioned?

If you want to gain access to a network that's using only MAC filtering
here's all you need to do:

Listen to the airwaves
Watch for packets destined to the access point in question.
Make note of the MAC address of the machine that's sending those packets.
Set your machine to use that same MAC address

Do this preferrably when that other machine isn't present or active. Voila,
you're in! Since the router is only looking at the MAC address, it'll let
you connect.

If you use it while that other machine is present you'll cause errors on
both ends. So for a network that's got down time when the other MAC
addresses aren't around it's of NO SECURITY WHATSOEVER. And even when they
are around it's a hit-and-miss way to grab "some" access, causing all manner
of confusion to the innocent owner of that MAC address is the meanwhile.

WEP is "less worse" in that will keep all but the most casual of hackers
out. But anyone with even a trifling bit of knowledge can easily break into
any WEP network. WPA is, at this point in time, the only decently secure
method to use.

So no, MAC address filtering is of little or no value and WEP only trivially
more secure. I suppose you could couple MAC filtering along with WPA and it
might be "a bit" more secure but that just adds a configuration hassle.

-Bill Kearney