Computer Science Canada Password or MAC filter? |
| Author: | Roman [ Thu Sep 17, 2009 6:06 pm ] |
| Post subject: | Password or MAC filter? |
Hey, I'm curious: when you're setting up a router, which is more "secure" - putting in a password or a MAC address filter? By secure I mean which would be harder to bypass. Thanks in advance, Cheers, -Roman Z. |
|
| Author: | Insectoid [ Thu Sep 17, 2009 6:18 pm ] |
| Post subject: | RE:Password or MAC filter? |
A MAC filter I think, because a password can be broken in a relatively short amount of time depending on the encriptionwhereas it's quite difficult to face a MAC. |
|
| Author: | BigBear [ Thu Sep 17, 2009 6:22 pm ] |
| Post subject: | RE:Password or MAC filter? |
Mac address but it would be a pain when a friend comes over etc |
|
| Author: | DtY [ Thu Sep 17, 2009 6:28 pm ] |
| Post subject: | RE:Password or MAC filter? |
MAC address filters are not secure at all. WEP encryption is cracked, WPA is not. all you have to do to bypass a MAC address filter is wait until someone disconnects from the network, and then spoof their address. |
|
| Author: | [Gandalf] [ Thu Sep 17, 2009 6:38 pm ] |
| Post subject: | RE:Password or MAC filter? |
Whatever form of security it allows except WEP encryption or MAC filtering. WPA2 is generally a fine option. |
|
| Author: | rdrake [ Thu Sep 17, 2009 8:08 pm ] |
| Post subject: | RE:Password or MAC filter? |
Can't you, like, spoof MAC addresses? |
|
| Author: | andrew. [ Thu Sep 17, 2009 10:06 pm ] |
| Post subject: | RE:Password or MAC filter? |
Yeah, but how would they know what MAC address to spoof? My router at home has a DHCP server running with only our devices set up, a MAC filter, and a WEP code. Even though it has WEP security, I think it's pretty safe because of the other things and also because it's hidden. Even if it's unsafe, there's not much else I can do except buy a new router. |
|
| Author: | DtY [ Fri Sep 18, 2009 6:50 am ] |
| Post subject: | Re: RE:Password or MAC filter? |
andrew. @ Thu Sep 17, 2009 10:06 pm wrote: Yeah, but how would they know what MAC address to spoof? My router at home has a DHCP server running with only our devices set up, a MAC filter, and a WEP code. Even though it has WEP security, I think it's pretty safe because of the other things and also because it's hidden. Even if it's unsafe, there's not much else I can do except buy a new router.
You watch what other MAC addresses are connecting. It's a lot of work when there are probably open networks on all sides of you, but once they know the address to spoof, they can keep using the same one. |
|
| Author: | octopi [ Fri Sep 18, 2009 1:41 pm ] |
| Post subject: | Re: RE:Password or MAC filter? |
andrew. @ Thu Sep 17, 2009 10:06 pm wrote: Yeah, but how would they know what MAC address to spoof?
How would people know what password to use to break in?.....brute force and/or monitoring data transfer |
|
| Author: | andrew. [ Fri Sep 18, 2009 2:43 pm ] |
| Post subject: | RE:Password or MAC filter? |
What would happen if they connect while another device with the same MAC address is connecting? Would it not allow them to connect, or would they both connect or none of them? If they both connect, could that mean that the packets sent out would be picked up by both? |
|
| Author: | DtY [ Fri Sep 18, 2009 2:50 pm ] |
| Post subject: | Re: RE:Password or MAC filter? |
andrew. @ Fri Sep 18, 2009 2:43 pm wrote: What would happen if they connect while another device with the same MAC address is connecting? Would it not allow them to connect, or would they both connect or none of them? If they both connect, could that mean that the packets sent out would be picked up by both?
They'd both receive the packets (actually, everyone receives every packet on a wireless netowrk, but I'm pretty sure both computers would accept them as their own). (And now that I think about it, the access point might boot you if someone is already connected with that MAC address, but if not, you should get the same IP address as the other computer) |
|
| Author: | BigBear [ Fri Sep 18, 2009 3:50 pm ] |
| Post subject: | RE:Password or MAC filter? |
So does a router assign a local address based on mac address or just gives one when you log on? |
|
| Author: | Tony [ Fri Sep 18, 2009 4:12 pm ] |
| Post subject: | RE:Password or MAC filter? |
MAC address comes into play for static local IPs. For more detail, see http://en.wikipedia.org/wiki/DHCP |
|
| Author: | DtY [ Fri Sep 18, 2009 4:36 pm ] |
| Post subject: | Re: RE:Password or MAC filter? |
BigBear @ Fri Sep 18, 2009 3:50 pm wrote: So does a router assign a local address based on mac address or just gives one when you log on?
You get one when you connect (assuming DHCP is on), that you get for a certain amount of time before your computer asks for a new one. Afaik, there's no guarantee at all you'll get the same (local) IP address again, but with my experience with DD-WRT is that you'll always get the same one (though I'm sure you wont if it runs out and has to recycle yours while you're not on) If you want ti know more, read the article Tony linked to |
|
| Author: | BigBear [ Sat Sep 19, 2009 7:18 pm ] |
| Post subject: | RE:Password or MAC filter? |
So then the question is what is easier to obtain a password or a mac address. And if you cannot connect at certain times or get kick off repeatedly wouldn't you look into that. I'm still think Mac address is safer |
|
| Author: | DtY [ Sat Sep 19, 2009 9:17 pm ] |
| Post subject: | Re: RE:Password or MAC filter? |
BigBear @ Sat Sep 19, 2009 7:18 pm wrote: So then the question is what is easier to obtain a password or a mac address.
And if you cannot connect at certain times or get kick off repeatedly wouldn't you look into that. I'm still think Mac address is safer If you're using WEP, you need to watch packets go through, so it's about as hard to crack as a MAC address filter. WPA on the other hand is perfectly secure, you cannot crack it, unless anyone has proof otherwise, there's no need to discuss. [edit] The only reason to not use WPA is if you have hardware that does not support it, all I can think of that doesn't is the Nintendo DS, and I think (actually, making a guess) that the DSi supports WPA. |
|
| Author: | jernst [ Sat Sep 19, 2009 9:21 pm ] |
| Post subject: | Re: Password or MAC filter? |
The MAC is easier to get. You just need to overhear some of the packets to figure out which macs are getting access and then use that. If there is a password you usually need to capture alot of packets or use brute force to crack it, both of which seem to me would take a longer amount of time. ps for the guy who thinks wpa is impossible: http://aircrack-ng.org/doku.php?id=cracking_wpa |
|
| Author: | DtY [ Sat Sep 19, 2009 10:19 pm ] |
| Post subject: | RE:Password or MAC filter? |
Quote: WPA/WPA2 supports many types of authentication beyond pre-shared keys. aircrack-ng can ONLY crack pre-shared keys.
Quote: The only time you can crack the pre-shared key is if it is a dictionary word or relatively short in length.
Quote: It can take hours, if not days, to crunch through a large dictionary.
So really, it sounds to me like WPA is as secure as online banking. |
|
| Author: | [Gandalf] [ Sun Sep 20, 2009 1:45 am ] |
| Post subject: | RE:Password or MAC filter? |
Not really, since most WPA uses pre-shared keys, and with time and increased computing power the key gets weaker and weaker. You should not be relying on this, if you are truly concerned about security. And with statements like: Quote: WPA on the other hand is perfectly secure, you cannot crack it, unless anyone has proof otherwise, there's no need to discuss.
You were, literally, asking for that link. |
|
| Author: | DtY [ Sun Sep 20, 2009 8:07 am ] |
| Post subject: | RE:Password or MAC filter? |
The link described how to do a brute force attack on a WPA network with a weak password. Being able to brute force a weak password does not make an encryption scheme less secure. My point in comparing it to online banking is that your network is only as secure as your password. |
|
| Author: | DemonWasp [ Mon Sep 21, 2009 8:41 am ] |
| Post subject: | RE:Password or MAC filter? |
You may want to read up on the RSA encryption scheme and how ridiculously tough it is to brute-force (this is what is used by secured websites to encrypt content). It's difficult enough that we're still not entirely sure how difficult it really is to crack. The problem for the attacker boils down to this: you have an incredibly large number M. You know that M = a * b and that a and b are both prime. Find a and b! Humans are, of course, still the huge weak point in any security scheme. |
|
| Author: | Roman [ Mon Sep 21, 2009 2:10 pm ] |
| Post subject: | RE:Password or MAC filter? |
Well I've got WPA2 with a 10-digit number that's easy to remember but very hard to simply guess. I suppose with passwords like 1122334455 no encryption would really help though. Cheers, -Roman Z. |
|
| Author: | Jeremy1 [ Mon Apr 12, 2010 7:17 am ] |
| Post subject: | RE:Password or MAC filter? |
What about password i prefer use LoginTrap.It’s prog can capture every login events by using iSight.It's nice prog. |
|