[ale] wireless sanity/security check

Pat Regan thehead at patshead.com
Mon Jan 4 23:24:08 EST 2010


On 01/04/2010 05:17 PM, Mark Wright wrote:
> I didn't ask the question about wireless security because I thought
> wifi could be intrusion proof.  I just wanted to confirm that giving
> my friends advice to use MAC filtering wasn't real bad advice.   They
> had failed to get WPA working and there were Christmas presents that
> were not being played with.
>

MAC filtering will not keep very many people out if they are actively 
trying to "steal" your bandwidth.  The only people you're likely to keep 
out with MAC filtering are the people who think they are connecting to 
their own network but they are connecting to yours by mistake.  It is 
amazing how often that happens.

I'm much more paranoid about connecting to an unknown network than I am 
about people cracking into mine.  I seem especially paranoid in hotels. 
  I know that if I can fire up wireshark and steal unencrypted pop, 
imap, and instant messenger password, so can someone else.

I nearly always VPN or use an SSH proxy on any scary wifi connection :).

> The problem is both of my friends couldn't get WPA to work.  My
> wife's sister in law was refusing to use her new laptop because her
> husband had turned WPA off to get it on the internet.  I told them
> how to set up MAC filtering over the phone and now she is surfing the
> internet confident that her computer is safe.  Just like she sleeps
> soundly because she doesn't know how easy it is to break into her
> locked house.

With any semi-modern hardware (3-4+ years?) I wouldn't expect wpa/wpa2 
to be a problem.  WEP tends to be problematic because there is more than 
one algorithm for converting a passphrase to a hex key.

MAC filtering will likely narrow the opportunity for attack, though.  If 
someone drives by while no authorized machines are connected then they 
will not see any valid MAC addresses to clone.

Pat


More information about the Ale mailing list