Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

WEP sufficient if I restrict MAC Addresses??

  • 14-03-2011 1:59pm
    #1
    Registered Users, Registered Users 2 Posts: 455 ✭✭


    Hi.
    I'd appreciate assistance here.

    I use a home WiFi network. Unfortunately 2 of the devices (media players) I use only allow WEP security when using wirelessly. I know WEP is actually not very good security.

    To overcome this I have set the router to restrict access to only particular devices using their MAC address.

    I just wonder is this sufficient? Can I feel safe that no one can access my network wirelessly outside these MAC addresses?

    Thanks for help.


Comments

  • Registered Users, Registered Users 2 Posts: 1,772 ✭✭✭woolymammoth


    maximus02 wrote: »
    Can I feel safe that no one can access my network wirelessly outside these MAC addresses?
    sorry, but no!

    WEP is not just not very good, it's rubbish! You see, once the encryption is broken, enough data can be got to spoof the MAC address, so any intruder can literally pretend to be any device you have plugged into your network. MAC filtering will act as a deterrant against some kid who isn't pushed, but if someone really wants to break in, they will.


  • Closed Accounts Posts: 1,990 ✭✭✭JustAddWater


    To further restrict this, if WEP is your only option, you can disable SSID broadcast and configure your other devices to connect to the SSID even if not broadcasting

    Not sure if all of your devices would support it but certainly a PC running windows XP upwards does (not sure about phones and MAC's)

    Again it's not great but everything you can do would be better than nothing!


  • Registered Users, Registered Users 2 Posts: 1,772 ✭✭✭woolymammoth


    Again it's not great but everything you can do would be better than nothing!
    The anything is better than nothing argument only gives a false sense of security. The fact is, Someone who knows how to scan data, crack WEP, and spoof addresses, will not be scanning for wireless networks using just Windows networking! Not trying to scaremonger, but just know the reality and the limitations of what you're using. If you're seriously concerned about the security of your wireless network, just don't use WEP.


  • Registered Users, Registered Users 2 Posts: 455 ✭✭maximus02


    Thanks for replies.

    I wouldn't say I am 'seriously' concerned about my security and I certainly can't afford to replace my WEP devices right now. So I shall investigate further.

    In the meantime is it possible to get software (XP) which can detect and show me list of any devices which are attempting to access my router?

    Thanks


  • Registered Users, Registered Users 2 Posts: 10,910 ✭✭✭✭28064212


    WEP with MAC address filtering is the equivalent of locking the front door and windows of your house, but leaving the back door wide open. Sure it might stop the casual person walking by who randomly tries the handle, but anyone who actually wants to get in will, at a minimum, try all the doors

    Boardsie Enhancement Suite - a browser extension to make using Boards on desktop a better experience (includes full-width display, keyboard shortcuts, dark mode, and more). Now available through your browser's extension store.

    Firefox: https://addons.mozilla.org/addon/boardsie-enhancement-suite/

    Chrome/Edge/Opera: https://chromewebstore.google.com/detail/boardsie-enhancement-suit/bbgnmnfagihoohjkofdnofcfmkpdmmce



  • Advertisement
  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,596 Mod ✭✭✭✭Capt'n Midnight


    To further restrict this, if WEP is your only option, you can disable SSID broadcast and configure your other devices to connect to the SSID even if not broadcasting

    Not sure if all of your devices would support it but certainly a PC running windows XP upwards does (not sure about phones and MAC's)

    Again it's not great but everything you can do would be better than nothing!
    Kismet will still pick up the SSID from the packets - it's been around for ages


    netstumbler doesn't see AP's with disabled SSID's unless they respond to probe requests which many do


    Bit problem with hiding the SSID is that the neighbours may not realise that you are on the same channel they are on and so both of you interfere with each other.




    Changing the MAC is a one liner in Windows and Linux once you have the see the valid addresses with your scanner

    http://www.windowsreference.com/networking/how-to-change-mac-address-in-windows-registry/ = the key to add to change MAC in windows , to do from the command line you use reg.exe

    with linux sudo ifconfig eth1 hw ether 00:00:00:00:00:01


  • Moderators, Education Moderators, Home & Garden Moderators Posts: 8,260 Mod ✭✭✭✭Jonathan


    Set up two SSIDs and put the WEP network onto a different subnet.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,596 Mod ✭✭✭✭Capt'n Midnight


    maximus02 wrote: »
    Thanks for replies.

    I wouldn't say I am 'seriously' concerned about my security and I certainly can't afford to replace my WEP devices right now. So I shall investigate further.

    In the meantime is it possible to get software (XP) which can detect and show me list of any devices which are attempting to access my router?

    Thanks
    you could setup wireshark on the wirless card to sniff out traffic but an automated intrusion detection system is a bit beyond XP since anyone connecting will be spoofing existing MAC's


    Using WEP on a second network on the WAN side of the WPA router isn't such a bad idea. Also scan your neighbours to see if there is any lower hanging fruit to take the pressure off you


Advertisement