From: Darrell Greenwood (lists1_at_telus.net)
Date: Fri Apr 25 2003 - 23:23:45 PDT
On 4/25/03 at 11:07 PM -0400, Brian Pearce wrote :
>If you have reason to be truly concerned, you'll be better off
>restricting access to a wireless network by MAC address; it's more
>secure.
Hmmm. MAC address restriction gives no protection against passive
monitoring by such tools as Kismet <http://www.kismetwireless.net/>.
And MAC address spoofing is simple.
From <http://www.uniras.gov.uk/l1/l2/l3/tech_reports/NISCCTechnicalNote04.htm>
>By restricting the MAC addresses that can connect to
>a wireless access point it is possible to provide some access
>control. However, because the MAC address is sent in clear in the
>data link layer header, it can be obtained by network monitoring and
>the MAC address of an attacker's wireless network card altered to
>correspond to it (known as MAC address spoofing).
Enabling WEP with a random hex key means any attacker has to work a
bit and collect several million packets before he can read your
packets.
Cheers,
Darrell
-- This is the NewtonTalk list - http://www.newtontalk.net/ for all inquiries List FAQ/Etiquette/Terms: http://www.newtontalk.net/faq.html Official Newton FAQ: http://www.chuma.org/newton/faq/
This archive was generated by hypermail 2.1.5 : Sat Apr 26 2003 - 01:30:00 PDT