Mac Filtering Wpa Wireless?

[shanenin]

I bought a linksys wirelss router a while back, I initially disables wireless, but had to reset the router a while back, since then I have had a completely open network. I noticed this today when I installed my new wireless card, it attached to the router with out any security :-( . I hope I was not running a porn server.

I enabled mac filtering, so I am pretty certain no one else can now use my router, but have a question. With out enableing wep or wpa is all of my web traffic and passwords used on that computer being transmitted around town, or does mac filtering stop that?

Edited September 19, 2005 by shanenin

[parkgoons]

MAC filtering only stopes people that arent on your approved MAC list from gaining access to your network... it will keep your average joe neighbor out but if someone has skills and can clone one of your machines MAC's then they will have access to your router, resources everything that is going through your network they will be able to find and see using programs that are designed to unpackage packets. Enable WEP or WPA if you want the best but if you dont live in a metro area then your MAC filtering should do you just fine. One last thing mac filtering does NOT stop all your wireless data from being exposed to anyone with airsnare.

[CataclysmCow]

With out enableing wep or wpa is all of my web traffic and passwords used on that computer being transmitted around town, or does mac filtering stop that?

<{POST_SNAPBACK}>

Unless the traffic was encrypted at a higher layer (SSL for example), yes the traffic is in clear type for all to see. You don't need to be associated with the AP in order to sniff WiFi traffic.

Remember that if you leave your WLAN open you aren't just giving people access to your network, you are giving them access to your computer as well. It takes about 2 minutes to gain full access to a typical WinOS computer. The easiest way to secure your WLAN is to use WPA.

One last thing mac filtering does NOT stop all your wireless data from being exposed to anyone with airsnare.

I believe Airsnare still uses Ethereal/Winpcap? Winpcap will only "see" traffic on the network you are associated with. You'd need a 802.11 sniffer like Kismet, Airopeek, NA's Sniffer, etc to gather frames from a network you aren't associated with.

Edited September 19, 2005 by CataclysmCow

[parkgoons]

correct me if im wrong but i thought the way most hackers get into WEP enabled networks was by requesting access to it then capturing the packets and looking through them with airsnare. the source of my information isnt that reliable soo please do make any corrections to that statement.

[uberpenguin]

correct me if im wrong but i thought the way most hackers get into WEP enabled networks was by requesting access to it then capturing the packets and looking through them with airsnare. the source of my information isnt that reliable soo please do make any corrections to that statement.

<{POST_SNAPBACK}>

You might be thinking of a replay attack, which is when an attacker captures a useful packet that generates a response of known length (ARP is almost always what is used), and replays it over and over in order to generate a lot of encrypted traffic to analyze.

The actual cryptanalysis, however, is done by the same means regardless of whether the attack is active or passive. That is, you can totally passively (non-detectably) crack WEP.

-uberpenguin

[parkgoons]

Yea that is exactly what i was talking about, which is why id just enable WPA and correct me if im wrong again but doesnt the key change about every 10 minutes soo even when an attacker finds a certain key he is too late, which is why they say WPA is uncrackable (at the moment).