On Tuesday 17 May 2011 22:01:11 JD wrote: > On 05/17/11 12:23, Marko Vojinovic wrote: > > On Tuesday 17 May 2011 19:47:24 JD wrote: > >> On 05/17/11 11:23, Steve Searle wrote: > >>> Around 07:16pm on Tuesday, May 17, 2011 (UK time), JD scrawled: > >>>> Right. Also, it is not necessarily "neighbours" that are adjacent > >>>> you your house or a few houses down. Someone can park a car > >>>> not far from your house, and using the type of home-made antenna > >>>> James mentioned, they can hack your network. > >>>> I would strongly encourage you to use MAC address whitelist. > >>> > >>> Because someone with the knowhow to make antenna like this and hack > >>> your wireless password would have no idea how to spoof mac addresses? > >>> > >>> Steve > >> > >> It just reduces the number of would be hackers to those > >> with the knowhow. And the probability that such > >> knowledgeable hackers being near your vicinity is much > >> less than the casual hackers without such knowledge. > >> In network security, even the simplest measures should > >> not be dropped just because there are those with the tools > >> and the knowhow to hack it. It's like saying No need to lock > >> your car because the door can easily be opened by an > >> expert carthief. > > > > Oh, come on, it took me cca 20 minutes to go from being an absolute noob > > to being able to crack my own network. It requires reading through one > > web page and four man pages. > > > > > From man aireplay-ng: > > -h<smac> > > > > Set source MAC address. > > > > Read the output of airodump-ng for a MAC address of an already connected > > client to find one that is allowed by the access point firewall. How much > > of an expert one needs to be to use an option switch in a command? > > > > Really, people typically have no idea how easy it is to crack a wireless > > until they actually try it, at least once. After that, one gets to > > appreciate what is really a security measure, and what is the "please > > don't open me" sign on the door. > > > > MAC spoofing is trivial. Even in Windows there is a field to type a > > desired MAC somewhere in the network settings... > > Too much bluster here. > Show us any credible publication > that claims wpa2-ps/AES has been easily cracked > or even cracked at all. I didn't say that cracking wpa2-ps/aes is easy. I was saying that, whatever the security algorithm you are trying to crack, having a hidden SSID and filtered MAC is not going to make it *any* harder than having a public SSID and no MAC filtering. That data is essentially publicly available to anyone in range, and can be obtained with no effort at all. One doesn't even need the know-how, one can just type a single command in the terminal and have all that "hidden" stuff displayed on the screen. And that command is something you would type anyway if you want to crack a wireless network. In other words, hiding SSID and filtering MACs adds absolutely *nothing* to the security of the network. It is not even an extra step that one would need to deal with while cracking. It is literally equivalent to "please don't open me" sign on the door. Using a serious security algorithm is essential for a wireless network, but saying that hiding SSID and filtering MAC addresses adds an additional layer of security is just plain wrong. Best, :-) Marko -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
