Shadrack Posted January 5, 2012 Share Posted January 5, 2012 Ok people - :argue: BudMan (and therefore me :D ) is right so we'll just end the discussion there. It doesn't matter what you've read or heard, fact is MAC filtering is NOT a security method. Now back to regular scheduled topic: I had the older ones and it worked good. It was the 80Mbps ones but got decent speeds with that too. 2-4MB/s so i enjoyed it. Can't endorse any recent ones as I haven't used them but I'd definitely trust them (based on my pass experience) without any worries. If my network wasn't in the area where I couldn't use cables now easily for the media server i'd definitely choose that over wireless especially the newer 500Mbps ones :) Just throwing this out there: the "500Mbps" ones are an absolute pipe-dream. People say that their connection peaks at about 120Mbps which is about what I'm getting with my 200Mbps rated power line adapters from Trendnet. They still work great, but don't expect 500Mbps. Also, I'm not convinced that the wiring "quality" has as much to do with the speed of these things. If power is conducting just fine (i.e., no fires in your wall) then I would not expect "old wiring" to equate to low power line adapter performance. That being said, I would expect older appliances (air conditioning, refrigerator, etc) to affect the speed of these things. Large inductive loads that switch on-and-off create spurious noise on power lines. Link to comment Share on other sites More sharing options...
Shadrack Posted January 5, 2012 Share Posted January 5, 2012 it's a lot easier to spoof your mac address than it is to break wireless encryption you can't even compare the two Exactly. @majortom1981 - I'll setup a WPA2 network and you setup a MAC filter network and lets see who can crack into who's first, okay ;)? Link to comment Share on other sites More sharing options...
+BudMan MVC Posted January 5, 2012 MVC Share Posted January 5, 2012 "Well, since I was trying to suggest a way to not allow someone to just plug in and be on his network since" And I thought I already went over this?? Even if his router supports MAC filtering on the wired interfaces of his router (which the vast majority of them do not). IT STILL DOES NOT PREVENT someone from accessing his PLA, and being on his network and talking to every other wired device on his network. So how does it any way shape or form secure access to his network?? Which is what the whole thread is about. It doesn't even prevent someone from walking into his house and plugging directly into his router and talking to every other wired device on his network!! So how in any shape or form does it prevent unauthorized access.. His door is preventing access to his wired network more than mac filtering is! And as I also stated PLA's normally use encryption to send traffic back and forth, and also require a password to pair to each other (which btw would not be going back and forth across the wire to view). So as I also already stated even if they were visible outside his home -- which normally they wouldn't be because not on the same electrical circuit you could not view their traffic or pair with them in anyway to access his network without a valid password! Which would obtainable by just viewing the traffic like you can with mac addresses. Also nowhere did I state anything about having to being encrypted to be considered security. Let me clarify WHY mac filtering is not a "VALID" form of security.. Which to be honest I thought I already did with my password example.. But guess not ;) Security is a method to prevent unauthorized users access to something - I think we can all agree with that? Problem with mac filtering is it doesn't secure the method the users use to identify themselves and there is not way to. Its clear text visible to anyone that wants to see it sort of thing -- like what color of shirt you have on today. So lets say your network is a Bar, and to get into said bar you need a PASSWORD -- if you don't give the password to the Bouncer, you don't get in. This is a security method! To identify yourself as a valid user you need to know a specific password. Problem is with mac filtering you might as well just have a sign next to the door to the bar with the Password to get in 3 foot high blinking Neon Lights!! There is NOTHING with mac filtering that prevents anyone from looking to see what a valid password is. Or just standing their and listening to the users say the password to the bouncer. Mac filtering is more like saying you can not come into the bar unless you have a red shirt on, well anyone can put on a red shirt and there you go the bouncer lets you in! Just watching who gets in and who doesn't you could quite easy see that people with red shirts get in, and people with blue do not, etc. There is NOTHING that keeps you from just watching the bar to see who gets in and who doesn't get in -- same with mac filters since they are in the clear you can always just sniff and see which ones work, then change yours to a valid one. Or lets say they have a list with your name on it (mac address filter) And to get in have to give your name -- ok that is good.. But again since mac addresses can be changed in 2 shakes by any 8 year old that knows how to use google. You just ask the people as they are entering and leaving the bar (sniff traffic look on device, etc) what their names are or just listen to them give it to bouncer -- and there you go you have a valid name to repeat to the bouncer.. Bouncer is not asking for any proof that is you, bouncer is so stupid he doesn't care if 14 people all come in with the same name. All he knows is bill smith is on the list ;) And you told him your name was bill smith. To be a "VALID" form of security and only allow access to authorized users.. There has to be some form of security around the authentication method. That is why you don't have users post their passwords on their monitors with postit notes.. Now sure it is possible to hold a gun to the users head and have him give you his password, or you could sniff the network and grab the the password even if encrypted and break it, if it is.. Even if the network traffic is not encrypted normally passwords are encrypted in some method to protect them unwanted access.. Now FTP and POP etc.. are not -- which is why you have ftp over ssl, or APOP or just do it over a tunnel to protected the authentication method.. If your doing everything in the CLEAR then it is NOT a valid security method. [Now lets not get on side track that FTP is in clear so its not valid either -- I agree cleartxt passwords are BAD. My comments were about mac filtering not being a valid security method.] Which is the problem with MACs -- they are always in the CLEAR!! [you can take measure to not send your ftp in the clear - you can not with mac address] And yours can be changed, now if that bouncer was asking for a VALID form of ID from state authority and checking it to see if it was forged -- hey that is a security method. But that is not how mac filtering works. Its as secure as the Password Sign on the bar entrance -- now I ask you again do you feel that is a valid security method? If so ignorance is bliss is it not ;) Oh btw bar is your network, mac address filtering on most routers is more like blocking access to the bathroom in the bar and use of back exit the internet.. In this scenario bouncer is now watching restrooms and back exit but have access to BAR. Because as I pointed out with the even the router that supports wired interface mac filtering -- you still have access to all the other wired ports on that router! Link to comment Share on other sites More sharing options...
Recommended Posts