Re: Protected WLAN

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, 2011-05-22 at 08:40 -0700, JD wrote:
> I was referring to the use of MAC filtering which is
> soundly defeated by the transmission of the MAC
> in the clear. So, MAC filtering is absolutely useless
> as a security measure.
> If I turn off my machine, the hacker has my MAC, and
> will have 1 less thing to worry about getting.
>  
> My reliance is then totally on wpa2-psk/aes and a
> well chosen 63 byte pass-phrase.

Yay!  He's got it...

You do realise what the MAC is for?  It's the name of that particular
hardware interface, it's address, it's location...  So that when data
goes out on the wire, that's where it's intended for.

As far as network switches and routers go, it's the way of saying data
for IP 192.168.1.whatever goes to/through MAC xx:yy:zz:etc.  It's the
MAC it's using.

It's a vital part of basic networking, whether encrypted or not, it
can't be hidden from view.

Filtering using it can only ever be slightly effective.  Likewise with
filtering by IP.  Both are readily seen on a network, even if the data
can't be read.  And both are easily changed.

Encryption, on the other hand, involves co-relating pseudo-random keys
on both half of the connection.  Where the key is a computation against
a pass-phrase, and requires both sides to use the same pass phrase, and
maths.  A third party is going to have one hell of a time trying to fake
their way into that, unless the encryption scheme is crap (e.g. WEP and
WPA are useless).

Usually, well encrypted connections are hacked by:  Guessing stupidly
chosen passwords or stealing them (copying written notes, implanting
trojans, asking someone to login to something and hoping they'll use the
same password).  The latter being dead easy.  Lots of people use the
same password for everything.  And how often do you see some website
that asks you to login using your Hotmail address and password?  And
people do, without giving any thought about it.

-- 
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.




-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux