[ale] wpa_supplicant on hidden SSIDs

Alex Carver agcarver+ale at acarver.net
Thu Sep 26 21:26:49 EDT 2013


On 9/26/2013 15:17, JD wrote:

> 
> MAC filtering is another nearly useless idea.  Anyone who is hacking will
> spoof their MAC to match an existing MAC on the Wifi.  MAC filtering is like
> locking a convertable car with the top down, nothing more, IMHO.

Eh, in my case MAC filtering is reasonable because the wireless devices
are not on continuously.  Always-on devices get a wired connection.
Portable devices get connected when needed and turned off when not.  In
my case I'd estimate about three hours a week of wireless usage so
someone would have to wait an awfully long time without being noticed to
sniff and snag one of my MACs.

On the other hand MAC filtering does help keep neighbors and visitors
off the network key or not.  No MAC in the filter list no IP address
from the DHCP server.

> 
> Use a long passphrase, unguessable and be happy.  If you want real security,
> use a key-based RADIUS server and VPN.
> 
> It is all about trade-offs. Convenience and security. Only you can choose the
> right mix for your needs.



More information about the Ale mailing list