MAC Filtering + WEP - How unsecure is it?



It's not going to do anything to stop someone who knows what they're doing and wants to forcibly join your network. Once they've done that, it becomes a matter of how secure your network itself is (i.e. the passwords on your machines, shares accessible by anonymous users, patches up-to-date, etc).

That said, it's probably fine. If someone really wanted to target you they'll probably break into your house or something. If they're just leeching free WiFi, they aren't going to bother with secured networks. If they're just looking for random people to attack, they'll also most likely be looking for unsecured networks.

I guess it all depends on how paranoid you are, where you live, if you have enemies or government agencies after you, etc.

Also, if the DS doesn't support WPA, that is incredibly lame.

One needs to make an actual effort to break WEP encryption (with data analysis and all), so you'd need to be actually targeted.. it's not gonna happen by pure chance.

MAC address filtering works incredibly well... I'm no security expert but I'm confident that the only way to bypass it is for someone to clone your MAC address other than router hacks.

So a combination of them both is waaaaaaayyyyyy more than what any non-prominent individual could possibly ever need.

  jgrodri said:
One needs to make an actual effort to break WEP encryption (with data analysis and all), so you'd need to be actually targeted.. it's not gonna happen by pure chance.

MAC address filtering works incredibly well... I'm no security expert but I'm confident that the only way to bypass it is for someone to clone your MAC address other than router hacks.

So a combination of them both is waaaaaaayyyyyy more than what any non-prominent individual could possibly ever need.

MAC filtering doesn't really do anything. All the attacker has to do is change their MAC address to one that's allowed... and I think there are ways of detecting the MAC addresses of other wireless devices without being joined to the same network.

I wouldn't count on it being any sort of viable security barrier. Yes it's an extra step an attacker will have to deal with, but not a significant one. Also, if I recall correctly, most access points let you connect even if your MAC address isn't on the allow list. They just don't issue you an IP address.

  metallithrax said:
Tut, tut, come on now Brandon. An employee of Microsoft dissing another company's product. You know you will probably get slammed for that. :laugh:

I didn't really see it that way. I like the DS. I just think it's unfortunate that it doesn't support WPA as that's kind of the standard nowadays (and significantly harder to break than WEP).

  metallithrax said:
Tut, tut, come on now Brandon. An employee of Microsoft dissing another company's product. You know you will probably get slammed for that. :laugh:

He's right though.

Supporting WEP only when WPA is pretty much the standard is just silly. If you want backwards compatibility, then just support both.

I've got my network as WEP only with MAC filtering just for my DS, but I don't care much if somebody does break it (all my machines are kept up to date and use passwords, which annoys my step-father greatly).

How would someone figure out what MAC addresses you allow without being able to connect to your network to trace the inside computers?

I guess you could automate it to go through strings of MACs until it matches but that would be really slow and unless you have some kind of sensitive data no one would waste their time on it

  xortex said:
How would someone figure out what MAC addresses you allow without being able to connect to your network to trace the inside computers?

I guess you could automate it to go through strings of MACs until it matches but that would be really slow and unless you have some kind of sensitive data no one would waste their time on it

Sniff the packets.

Spoofing the MAC address is the easy part. WEP cracking is the "hard" part (hard as in, it takes the FBI 3 minutes to crack it, and they're using open source tools)

  The_Decryptor said:
Sniff the packets.

Spoofing the MAC address is the easy part. WEP cracking is the "hard" part (hard as in, it takes the FBI 3 minutes to crack it, and they're using open source tools)

Just curious, how do you know what the FBI uses?

They demonstrated it at a security conference.

It's nothing really special (i.e. secret, the tools they use are open source), just capture packets then flood the network with fake requests, network starts responding and you soon have enough data to start cracking the WEP key.

As already stated -- MAC filtering and WEP are pretty much useless as security methods.

This has been gone over and over here on any thread that brings up wireless security.. Someone normally likes to chime in that you should use mac filtering, and then they always throw in that you should disable SSID broadcast as well..

I have to say I am pleasantly surprised to see the responses here!!

MAC filtering is a method of control that you could use on your network to say not let the kids' machine surf after 10pm. But as a method of blocking access to your network - no, it's useless. WEP is better than just plain OPEN mind you, but as stated it can be cracked in a few minutes by anyone looking to do so. There are guides all over the net on cracking WEP. And yes before someone brings it up -- yes there are guides for brute forcing wpa-psk as well..

BUT!!! If you use a SECURE PASSWORD those methods are useless, even if they had the computer power of a small country.. But sure something like "P@55w0rd!" makes wpa-psk pretty much useless as a form of security as well.

I have to agree -- I have no idea what the makers of a wireless device were thinking to only support WEP?

EDIT: Depending on your router and what firmware it might be running -- it is possible to run more than 1 type of security method by creating virtual wireless interfaces.. You could have one that is only WEP, but only allows access to the internet -- not your network, etc.

  BudMan said:
EDIT: Depending on your router and what firmware it might be running -- it is possible to run more than 1 type of security method by creating virtual wireless interfaces.. You could have one that is only WEP, but only allows access to the internet -- not your network, etc.

I was hoping something like that was possible... I'm running a Linksys WRT54GL with Tomato, which doesn't seem to support that. Do you know which firmware does?

dd-wrt v24 RC supports virtual wireless adapters.

Here is a guide of someone setting it up -- this is for a FON network.. But it's about the same thing you're looking to do.. Have a private wireless network, and then a different one that can access the internet.

http://www.geek-pages.com/articles/latest/...te_network.html

  BudMan said:
...

EDIT: Depending on your router and what firmware it might be running -- it is possible to run more than 1 type of security method by creating virtual wireless interfaces.. You could have one that is only WEP, but only allows access to the internet -- not your network, etc.

I've been thinking of doing this for a while, separate off B as WEP only (or not even bother with encryption at all) and have G as PSK, but it doesn't look like I can do that on my OpenWRT (WRT54GL) router.

It's quite possible to segment the network into 2 separate access points though, one encrypted (and bridged with the lan) and one unencrypted (and with a different IP range and special firewall rules blocking it off from the internal network), Which I suppose is a better option anyway (My original plans screw over G users)

Yeah, I was thinking of that as well... but I don't want to spend money :p

  BudMan said:
dd-wrt v24 RC supports virtual wireless adapters.

Here is a guide of someone setting it up -- this is for a FON network.. But it's about the same thing you're looking to do.. Have a private wireless network, and then a different one that can access the internet.

http://www.geek-pages.com/articles/latest/...te_network.html

Thanks!

  The_Decryptor said:
I've been thinking of doing this for a while, separate off B as WEP only (or not even bother with encryption at all) and have G as PSK, but it doesn't look like I can do that on my OpenWRT (WRT54GL) router.

And what version of the firmware are you running? The virtual wireless interfaces have been around since I think the beginning of the v24 betas for dd-wrt. RC 7 just came out the other day.

As you can see you can run more than 1 wireless interface. And change the security on them.

[Attached image: post-14624-1209301994_thumb.jpg]

Have not actually tested this in this latest RC yet, just updated to it a few minutes ago ;)

Since dd-wrt is based off of OpenWRT.. I would have to assume you could do the same thing on them?? What version of OpenWRT are you running? I am pretty sure that Kamikaze supports multiple virtual wireless!

edit: A quick google does verify that openwrt supports virtual

https://dev.openwrt.org/ticket/1239

Ability to create multiple wireless interfaces. (with unique SSID,Hdrw MAC,Encryption, Client/Ap Mode and possible antenna directions (rx/tx))

01/22/07 23:26:54 changed by mbm

* status changed from new to closed.

* resolution set to invalid.

Please clarify your request - kamikaze already supports this

I'm running White Russian (upgrading to Kamikaze as I type this)

Last time I checked, I thought Kamikaze didn't support the wireless chipset in the WRT54GL, Which was wrong since it's supported it since about September 07 (I think I got confused with the 2.4 and 2.6 versions).

And I was thinking of separating based on the protocol (B vs. G), I don't know if I can do that, but I know I can make it present multiple (differently configured) access points (up to 4 I think, but I'll just be using 2)

http://hardy.dropbear.id.au/blog/2008/02/h...orks-on-openwrt

Was going by that, I'll be double checking some of the commands though (they look wrong to me, but I'm betting I'm wrong)

I am not sure if you can run only the virtual on say B only while the physical is G only, etc. But if run on mixed.. then you should be able to set a virtual to WEP and the real to WPA2-PSK.. which no B device would be able to connect to ;)

Well I just upgraded to Kamikaze (and installed Webif2), So far I'm liking it.

First time I tried it I managed to somehow disable the LAN ports (had to re-install via TFTP), second time went better, net wasn't working (turns out dnsmasq comes pre-configured, and also configured not to read those settings), Just fixed that.

I'll make the new access points tomorrow, I'll have one WEP for my DS, and I'll put the other one as WPA2-PSK.

As already stated

WEP is extremely weak, I can crack a WEP key in roughly one minute with open source software.

For WPA use a password not in a dictionary, and preferably a mixture as long as you can remember.

WPA "cracking" can be done away from the target network after the "four way handshake" has been captured, so the hacker has all the time they need to crack the password, therefore make it harder for them

https://www.grc.com/passwords.htm

That should generate secure enough passwords, they might expose bugs in cards' handling of WPA though (I used one of these for my technologically impaired friend, using it managed to lock up his router)

  funkymunky said:
so the hacker has all the time they need to crack the password, therefore make it harder for them

If you use a SECURE password!!! Let's say something like 20 characters! Sorry they are just not going to have enough time.. Do the Math yourself!

Or here;

http://lastbit.com/pswcalc.asp

Let's see, 20 characters in length.. Even if they had 1 million machines, all that could check 1 million passwords a second.. You're looking at 779503646902420500 years

Now they surely do not need to be able to check the whole key space, let's say they get REAL lucky and only have to check say something like only .0000001 percent of the key space to find yours. You're still looking at 77,950,364,690 YEARS!!! How old is the universe again?? ;)

So what are the odds that billy down the street is going to get into your wpa-psk network with a machine or 2 that say at best can check around 1,000 passwords a second??

WPA-PSK with a SECURE password is more than secure enough for the HOME network! ;)
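
Added example (not part of any post in this thread): a small Python audit of candidate WPA-PSK passphrases that combines the two points made above, rejecting dictionary words disguised with substitutions such as "P@55w0rd!" and estimating exhaustive-search time at the two guess rates quoted in the thread. The wordlist, the substitution table and the `MIN_YEARS` threshold are assumptions made for this example, and its alphabet sizes are its own, so the figures will not match the linked calculator exactly.

```python
import math
import string

# Constructed sample wordlist; a real audit would load a large dictionary file.
SAMPLE_WORDLIST = {"password", "letmein", "linksys", "wireless", "nintendo"}

# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans("@45$01!37", "aassoliet")
TRIM = string.punctuation + string.digits + " "

SECONDS_PER_YEAR = 365.25 * 24 * 3600
FARM_RATE = 1_000_000 * 1_000_000  # thread: 1 million machines x 1 million guesses/s
NEIGHBOUR_RATE = 1_000             # thread: "around 1,000 passwords a second"
MIN_YEARS = 1_000                  # assumed acceptance threshold for this example


def charset_size(passphrase):
    """Size of the alphabet a brute-force search would have to cover."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    return sum(len(cls) for cls in classes
               if any(ch in cls for ch in passphrase))


def is_dictionary_based(passphrase, wordlist=SAMPLE_WORDLIST):
    """True if the passphrase is a wordlist entry once substitutions are undone."""
    lowered = passphrase.lower()
    # Try the whole string, and the string with decorations trimmed from both ends.
    candidates = {lowered.translate(LEET), lowered.strip(TRIM).translate(LEET)}
    return any(c in wordlist for c in candidates)


def years_to_exhaust(passphrase, guesses_per_second):
    """Years to try every string of this length over the detected alphabet."""
    keyspace = charset_size(passphrase) ** len(passphrase)
    return keyspace / guesses_per_second / SECONDS_PER_YEAR


def audit(passphrase, guesses_per_second=FARM_RATE):
    """Classify a candidate WPA-PSK passphrase as 'reject', 'weak' or 'ok'."""
    # WPA-PSK passphrases are 8 to 63 printable ASCII characters.
    valid = (8 <= len(passphrase) <= 63
             and all(32 <= ord(ch) <= 126 for ch in passphrase))
    in_dict = valid and is_dictionary_based(passphrase)
    years = years_to_exhaust(passphrase, guesses_per_second) if valid else 0.0
    bits = len(passphrase) * math.log2(charset_size(passphrase)) if valid else 0.0
    if not valid or in_dict:
        # Nominal keyspace is irrelevant when a wordlist guess finds it first.
        verdict = "reject"
    elif years < MIN_YEARS:
        verdict = "weak"
    else:
        verdict = "ok"
    return {"valid": valid, "dictionary_based": in_dict,
            "bits": round(bits, 1), "years": years, "verdict": verdict}


if __name__ == "__main__":
    # Constructed sample passphrases.
    for sample in ("P@55w0rd!", "qzjxkvbw", "k7#Qv2!mZx9@Lp4&Rt6w"):
        print(sample, audit(sample))
    print("qzjxkvbw at 1,000 guesses/s:", audit("qzjxkvbw", NEIGHBOUR_RATE))
```
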

  BudMan said:
If you use a SECURE password!!! Let's say something like 20 characters! Sorry they are just not going to have enough time.. Do the Math yourself!

Or here;

http://lastbit.com/pswcalc.asp

Let's see, 20 characters in length.. Even if they had 1 million machines, all that could check 1 million passwords a second.. You're looking at 779503646902420500 years

Now they surely do not need to be able to check the whole key space, let's say they get REAL lucky and only have to check say something like only .0000001 percent of the key space to find yours. You're still looking at 77,950,364,690 YEARS!!! How old is the universe again?? ;)

So what are the odds that billy down the street is going to get into your wpa-psk network with a machine or 2 that say at best can check around 1,000 passwords a second??

WPA-PSK with a SECURE password is more than secure enough for the HOME network! ;)

lol, that's my point mate :)
