My point is WPA or WEP would be like a steel door to your house protecting it. Mac address filtering is like putting saran wrap behind the steel door that most of it will rip once you figured out a way past the steel door as "additional security". It provides virtually no additional security above WPA/WEP, only additional administrative overhead; in fact, what is needed to bypass MAC address filtering is already in hand from getting through WEP and WPA. Layered security is a term used to discuss adding additional *effective* layers of security. If you want an additional layer of security with wifi over WEP or WPA, put a firewall between your wifi network and the rest of your network to limit what traffic can flow, or add additional encryption or authentication by requiring IPSec. I'm a big fan of layered security, don't get me wrong, but you also have to remember that we ALL want our networks to be secure, but the reason all our networks aren't secured is because security often comes at the cost of functionality and/or administrative overhead. This is a case where you gain little if any additional security, but gain significantly in administrative overhead. What's the point? "Republicans in Congress are moving to ratify a constitutional amendment to ban flag burning, thus ending the Iraq insurgency."

0

The point is that we appear to disagree on what is "effective" in this scenario. Also, please discuss the issue directly; don't obfuscate it with analogies. There are a number of ways in which a WPA-encrypted network can be attacked without first breaking WPA. Restricting which machines can put packets on the network in the first place does something to mitigate these types of attacks. I'd call that effective. Given that this is a SOHO network being managed by a person who is not a "techie admin", measures such as IPSEC or effective firewalling may not be readily available. Or if they are available, may be prohibitively complex to implement. MAC filtering probably is readily available, and is pretty trivial to implement. Put simply, MAC filtering is a realistic option. IPSEC or firewalling likely is not. You need to evaluate the situation for what it is, not what it might ideally be. Also, how much additional administrative overhead do you think will be incurred managing MAC filtering on a small network? If this were a high-traffic network with a large or variable number of machines, the administration requirements might outweigh the (admittedly slight) benefits of MAC filtering. On a small network where the list of allowed hosts is going to be pretty close to static, "administrative overhead" is virtually a non-issue.

0

"Which is another way of saying, anyone who wants access to your network can get it even if WEP is enabled." "...MAC filtering provides an extra layer of security" Alrighty then... Looks like somebody needs to learn a little more about wireless security, he, he, he! I didn't say WEP was perfect! I said that it will keep 99% of unauthorized users out. And it will! You seem to think that ANYONE would have the ability and desire to crack it. Simply rubish!!! Anyway, I find it funny that you'd completely discount the useability of WEP and then turn around and defend MAC address filtering as being effective!!! Heropsycho pretty much hit it right on the head. MAC address filtering is about the easiest "layer" to overcome. Far easier than cracking WEP... Robert Pectol http://rob.pectol.com/

0

Mmmm...sarcasm. WPA-PSK is susceptible to dictionary attacks. Use of MAC filtering prevents the use of dictionary attacks, mitigating one of WPA's primary known weaknesses. By itself MAC filtering is pretty useless. Used in conjunction with WPA, the two are stronger and more effective than WPA alone. Get it? And please.... >>You seem to think that ANYONE would have the ability and desire to crack it [WEP]. Effectively, yes. There are numerous "script kiddie" tools that require no more than access to a WEP-encrypted signal and time to crack WEP. Ability really isn't a factor.

0

Ahhh yes! Sarcasm... and some humor (the bit about needing to learn a little more about wireless security)! Obviously you have a fair amount of knowledge in this area. I won't discount that in this posting. WPA is obviously the preferred choice over WEP, which I don't recall ever being the issue in this thread. My point is simply that enabling WEP will keep almost all unauthorized users out. You can argue the point 'til you're blue in the face but the fact remains! Yes, there are readily available tools for cracking WEP. Yes, anyone can get them. It's arguable as to whether or not the average joe shmoe would be able to make use of them let alone go out looking for them, download them, take the time to effectively use them and then passively sit there waiting and sniffing packets until he finally cracks it. Hence the un-accounted for 1% that might just have the tools and the will to do it. Analogies... Let's use just one more, please? Ok, thanks... My front door has a lock on it. If I refused to lock it and deemed it a waste of my time to do so, simply because I knew that there are those out there with pick sets and the ability to unlock it without my key, would that make any sense? Of course not! Would a steel door with more locks and an armed guard posted in front of it be more effective at keeping an intruder out? Of course! - WEP vs. WPA. As time goes on, more and more devices, networks, etc. will be secured with better technologies such as WPA. However, WEP is existant in virtually all wireless networking devices. All I'm suggesting is that we use what we've got in the meantime. If that happens to be WPA, then great! If not, Don't discount the option to use WEP. It's far better than nothing!!! Anyway, cheers! Robert Pectol http://rob.pectol.com/

0

I basically agree with you, especially on this point: WPA is obviously the preferred choice over WEP, which I don't recall ever being the issue in this thread. My point is simply that enabling WEP will keep almost all unauthorized users out. You can argue the point 'til you're blue in the face but the fact remains! In a large percentage of situations (maybe even 99%), WEP will be just as effective as WPA. But, given the choice, WPA is preferable to WEP for that other 1%. So I don't discount WEP at all. Guess I should have bolded the second sentence in response #2 for emphasis ;)

0

"Also, please discuss the issue directly; don't obfuscate it with analogies." You can't say I'm obfuscating until you prove my analogy is wrong. And please don't tell me how to make my points. Speaking of obfuscating... "There are a number of ways in which a WPA-encrypted network can be attacked without first breaking WPA. Restricting which machines can put packets on the network in the first place does something to mitigate these types of attacks. I'd call that effective." You can't name one attack against a properly configured and maintained WEP OR WPA scheme that MAC address filtering can prevent. You tried but failed... "WPA-PSK is susceptible to dictionary attacks. Use of MAC filtering prevents the use of dictionary attacks, mitigating one of WPA's primary known weaknesses." That's an absurd example. No wireless encryption scheme protects the signal of a wifi network; anyone with the proper protocol on their wifi NIC can intercept the actual signal, hence why we do encryption. Anyone can capture your wifi traffic, but until they break the encryption scheme, the traffic is useless. Given that, anyone breaking into a wifi network is going to first capture traffic, and if not, they can do it at anytime. You are suggesting they can just do a brute force dictionary attack without capturing traffic. First of all, you'd have to be a moron to attempt this attack without capturing traffic, and cracking the key because of the reason you're proposing to enable it. You guessing a key unless someone is using a weak key such as 64-bit or something like aaaaaaaaaaa... on a 128-bit key is less likely than winning the lottery, and this attack is only successful on a pre-shared key encryption system. On top of that, it would take YEARS to break a 128-bit key on average. That's why hackers do it via running the key against captured traffic, because it's well known that MAC address filtering could be on, so the only sure way to test a key is run it against captured traffic to see if decryption is successful, and it's much faster to crack a key using captured traffic than dictionary attacks to boot anyway. Which again, the better solution than MAC address filtering was set your encryption up correctly in the first place - using WPA instead of WEP, strong keys in bit length and character complexity, not using WPA-PSK in favor of better WPA methods, and changing preshared keys in WEP or WPA-PSK periodically when you are using them. The only way your argument holds water is if a hacker was smart enough to try this, dumb enough to not capture traffic in the first place which guides on how to do this ALL begin with capturing traffic, persistant enough to continue trying the dictionary approach, and the target didn't do the other things that should be done anyway. Any other attack you could think of would require breaking WEP/WPA first since MAC addresses aren't even seen until the wifi signal is decrypted by the WAP, and again, once that's done, wifi traffic then could be captured and examined to obtain a valid MAC address, and 99.9999% of the time, traffic was already captured in order to break the encryption in the first place. So again, I don't see the point. Anyone with half a brain would capture traffic to break WPA or WEP to ensure they know the right key when they crack it and to speed up the cracking process, and if you allowed anyone else into your wifi network through the method you're describing, shame on you for being an idiot admin enabling MAC address filtering and maintaining the filter list instead of doing something that actually makes a difference. "Pat Buchanan, Bob Novak, and G. Gordon Liddy don't like Mark Felt. Mark Felt is truly a great man."

0

"You tried but failed..." "you'd have to be a moron..." "Anyone with half a brain..." "shame on you for being an idiot..." And on and on. What is with your hostility, heropsycho? You sound like an angry child. Once again, trying to have a discussion with you proves pointless because, well, you're just too cool for school. Have fun with that. >>You are suggesting they can just do a brute force dictionary attack without capturing traffic No, I am not suggesting that at all. This is a well-known method of attacking WPA. Here is an overview, if you would care to read it. >> not using WPA-PSK in favor of better WPA methods Read what I wrote. This attack only applies to WPA-PSK. And what do you think is in use on most SOHO routers? That's right! WPA-PSK. Of course there are better solutions than MAC filtering. But given the solutions available to the original poster - of which MAC filtering is one, and RADIUS is probably not - I simply disagree with your assertion that "MAC address filtering is a complete waste of time." You're not wrong about much of anything else here. Can you accept that, or do you just want to keep stomping your feet?

0

edit for some actual content: There are a number of ways in which MAC filtering can be beneficial. Some of them are... 1. The last .01% Not all attackers will have the knowledge or ability to spoof their MAC address. True, 99.99% will. But what about that last .01%? MAC filtering fixes that. And if MAC filtering is cost-free in terms of administrative overhead - which it almost certainly is on a SOHO network - why would you choose to leave that (admittedly small) vulnerability undefended? 2. Intrusion detection MAC spoofing can be detected. If you know which MAC addresses should be accessing your network it's easier to monitor them, especially on a larger network. Granted, the infrastructure to do so probably won't be available to a SOHO user, but most of your argument seems to assume corporate-scale networks anyway. Here's a paper on the subject. There's also a way to examine the "manufacturer" portion of a MAC to determine if it's being spoofed. Don't have a link to any info on that, so take it as you will. Or, for the less well equiped, having duplicate MAC addresses on a network will break ARP in fairly obvious ways. 3. Intrusion response Using the techniques described in #2, it should be fairly easy to detect and deny access to a duplicated or spoofed MAC address. Again, a SOHO user isn't likely to have the resources to do this. Ok, so all of those fall into the "why bother" category. For the original poster, the only relevant answer is probably #1. And since MAC filtering is, for him, essentially cost free - why not? It's not like he'll be setting up a RADIUS server anytime soon. And you are right, there are definitely other steps to take in securing even a SOHO network. Would you mind providing some links to documentation on that? For the rest of the world - including your hypothetically perfect IT shop - MAC filtering does not have a very large ROI. But neither is it a "complete waste of time". Sorry if that seems "moron[ic]", "idiot[ic]", or "half brain[ed]" to you. I guess I'm just used to working with professionals who don't have to always be absolutely right without room for discussion. I've worked with people like that, and I can tell you that they don't get much accomplished in the real world, in the long run. Know what I mean?

0

"What is with your hostility, heropsycho?" You're kidding me! What's with your condescending attitude with this classic line... "Also, please discuss the issue directly; don't *obfuscate* it with analogies." First of all, you're not the judge of appropriate debate tactics. Secondly, what's the matter? Someone disagrees with you, and you think that gives you the right to tell me I can't use analogies that clearly make my point? Plus, the use of the word *obfuscate*, LOL... After you lecturing me on the proper way to discuss this, you're actually criticizing me for calling someone who is trying to attack a network in a bassackwards way or someone who doesn't secure their wifi network properly a moron, etc. Wow, that's uh...I dunno, I can't think of a word to call that but to just say you're trying to make it sound like I was calling you literally a moron or something, which I was clearly referring to an either hackers who don't know what they're doing, or an idiot admin who didn't do the proper things to secure their network. Nice selective quotes there, let's see who I actually called those various things. "First of all, you'd have to be a moron to attempt this attack without capturing traffic" "Anyone with half a brain would capture traffic to break WPA or WEP to ensure they know the right key when they crack it and to speed up the cracking process" "if you allowed anyone else into your wifi network through the method you're describing, shame on you for being an idiot admin enabling MAC address filtering and maintaining the filter list instead of doing something that actually makes a difference." There was also a bit of sarcasm in what I was saying, but apparently I'm not allowed to be sarcastic. Dang it, I just got sarcastic again, didn't I? Anyway, on with the show... "This is a well-known method of attacking WPA." It's also a common attack on WEP before the hacker tools came out to crack the key more efficiently. And MAC address filtering does nothing to stop it other than like I said prevent the hacker who knows to try it but doesn't know to capture data first. Now if I were to try to hack into a wifi network using WEP or WPA-PSK, what would I do if I didn't know how? Hmmm, probably google it. When now even mainstream sites like www.tomshardware.com has a guide showing you how to do it, and the first step is capture traffic, game is over. They will find a valid MAC address once they figure out the key. "If you know which MAC addresses should be accessing your network it's easier to monitor them, especially on a larger network." Most large scale networks don't even do MAC address filtering. They use better strategies like isolating the wifi LAN segment, implementing RADIUS, use VPN type security strategies, etc. The reason is like I said, it's a waste of time to do MAC address filtering. In his case, he wouldn't be able to use this strategy, so he doesn't buy anything either. Not good for SOHO, not good for large corps...sounds like MAC address filtering is a complete waste for pretty much any network that's encrypted because like I said, once the encryption is broken, MAC address filtering won't do squat. "Again, a SOHO user isn't likely to have the resources to do this." OK, so you blasted me for mentioning what large corporate networks that actually are effective, but then you come back with this strategy you know he probably can't implement? *scratching head* "The last .01%" Correction, this again eliminates the threat of only the people who know about hacking into Wifi networks but don't know how to change their MAC address, or don't think to capture traffic to crack the pre-shared key instead of random guessing. And it only works on PSK protected encryption schemes. I say it prevents an extra .0000000000001% more like on only SOME WPA wifi networks, which could have been better dealt with doing something else, many of which strategies have less administrative overhead, and are far more effective. Heck, turning off your WAP when not in use is more effective, and you didn't even mention that! "This attack only applies to WPA-PSK." Actually it's used for WEP as well, since WEP uses a pre-shared key. However, wardrivers who attempt to hack WEP networks use other shortcut methods to break WEP instead of dictionary attacks because it's faster and more effective in getting into networks. This also suggests that such tools will probably become available for WPA-PSK networks relatively soon. These techniques again utilize captured traffic. Not only that, but you're fully admitting that this strategy only prevents attacks in one type of WPA network, making MAC address filtering even less desirable to use. "Ok, so all of those fall into the "why bother" category. For the original poster, the only relevant answer is probably #1. And since MAC filtering is, for him, essentially cost free - why not?" Because 99.99999999999% of the people who would know how to break through WPA encryption would get through MAC address filtering as well. Because after all, if they didn't know, when they searched the net on how, the first step in cracking PSK encryption of a wifi network is to capture traffic. This was my point all along. Even turning off or disabling your WAP when not being used is more effective in securing your wifi network than MAC address filtering, which is also free! "Not all attackers will have the knowledge or ability to spoof their MAC address." I googled "how to change your mac address", and guess what I found! 2nd hit no less... http://www.nthelp.com/NT6/change_mac_w2k.htm Surely someone smart enough to break your encryption would think to google that, or perhaps they may already know it, wouldn't you agree? "I've worked with people like that, and I can tell you that they don't get much accomplished in the real world, in the long run. Know what I mean?" Actually, I've worked with people like that who don't get anything done. That's because those people didn't actually know their stuff. I've also worked with people who do know their stuff and act like that, and they get stuff done. "I guess I'm just used to working with professionals who don't have to always be absolutely right without room for discussion." I'm used to people who dish out heat, and when they get nailed back, they can actually take it instead of accusing the other person of being "hostile" when they started it. "Pat Buchanan, Bob Novak, and G. Gordon Liddy don't like Mark Felt. Mark Felt is truly a great man."

0

>>OK, so you blasted me... >>I'm used to people who dish out heat Blasted you? Dished out heat? This isn't a bar brawl or a flame-fest on some Counterstrike message board, heropsycho. You seem to perceive every debate as a fight. I'll take note of that, and try to steer clear of your threads in the future. It's obvious you have no interest in mature, rational discussion. I do thank you for posting this, however: I'm used to people who dish out heat, and when they get nailed back, they can actually take it instead of accusing the other person of being "hostile" when they started it. Because it's always important to know "who started it". What is this, fourth grade?

0

Oh, and by the way... >>"This is a well-known method of attacking WPA." >>It's also a common attack on WEP before the hacker tools came out to crack the key more efficiently. You didn't read the paper, did you ;)

0

"You didn't read the paper, did you ;)" Skimmed it. I already knew all that material. You didn't address a single fact in my prior post, did you? "You seem to perceive every debate as a fight." I didn't pick the fight here, buddy. Lay off patronizing people, and if you don't, take what's coming to you instead of whining about the fact others won't take any of your crap. "Because it's always important to know "who started it". What is this, fourth grade?" Mature people don't lecture others about debate tactics on an informal forum. BTW, similes and metaphors are actually praised in debate. "It's obvious you have no interest in mature, rational discussion." I countered every one of your points with facts and reasons. You accused me of wanting to fight instead of debate after you picked the fight, implied I was immature for calling you on that, and didn't address a single fact in my last post. Who do you think you're fooling? "Pat Buchanan, Bob Novak, and G. Gordon Liddy don't like Mark Felt. Mark Felt is truly a great man."

0

Arrgh...why do I bother.... All of these abstract arguments aside, the fact remains that the person sitting outside the original poster's network is not likely to be particularly skilled or knowledgeable. It is well within the realm of possibility that such a person could crack WEP/WPA and not have the wherewithal to know what to do with it. I have seen similar situations on more than a few occasions. To wit: WPA is cracked, hotspot location and WPA key is posted to semi-public message board, local script kiddies drive by and attempt to connect. Failing on their first attempt (due to MAC filtering) they move on. Think it doesn't happen? Think again. This is what I am suggesting: that the OP use the tools available too him to their fullest reasonable extent, regardless of how ineffectual they may be. For the sake of discussion, let's assume that you are completely correct in everything you have said. What's the harm in implementing MAC filtering? And why are you so adamant in opposing it? Wouldn't this discussion be more appropriate to a technical forum? >>I say it prevents an extra .0000000000001% Really? Earlier you gave the figure 99.9999%. Where are you getting your numbers? >>like I said, once the encryption is broken, MAC address filtering won't do squat. And I gave you three real-world scenarios in which MAC filtering will most certainly "do squat". Would you care to address those directly? >>Heck, turning off your WAP when not in use is more effective, and you didn't even mention that! Neither did you. So what? Are we reduced to finger-pointing now? >>Actually it's used for WEP as well, since WEP uses a pre-shared key As I implied in my previous post, this particular attack is specific to WPA-PSK. Do your homework. >>Not only that, but you're fully admitting that this strategy only prevents attacks in one type of WPA network Yes...the type of WPA network most likely to be in use on a SOHO router, which is what we're talking about. >>Because 99.99999999999% of the people who would know how to break through WPA encryption would get through MAC address filtering as well You are absolutely correct. So why are you so adamant in opposing a cost-free defense against the other point-zero-whatever percent? >>Even turning off or disabling your WAP when not being used is more effective in securing your wifi network than MAC address filtering, which is also free! So post a sentence flaming me, and a paragraph telling the original poster how/why to do that. Or do you care more about being right than about actually helping anyone? >>Surely someone smart enough to break your encryption would think to google that, or perhaps they may already know it, wouldn't you agree? Yeah, probably. Even so, why deliberately leave the vulnerability open? >>Most large scale networks don't even do MAC address filtering. Bull. Most large scale networks know what the hell is on their networks. MAC filtering is a poor way to implement that. Even still, I presented several real-world scenarios in which MAC filtering can be used in tandem with other methods to improve security. But then we're a long way off from the original scenario anyway, aren't we? >>They use better strategies like isolating the wifi LAN segment, implementing RADIUS The use of "better" here is a non sequitur. Layers, remember? One weak and, by itself, useless layer inserted for a particular purpose is neither better nor worse than the others. It's there to do a particular job, not to compete with other measures. MAC filtering in that case is not a preventive measure, it is an auditing measure. Nice how you kind of glossed over that point.

0

Doesn't have to be a fight, heropsycho. It is possible to debate without "fighting".

0

"Really? Earlier you gave the figure 99.9999%. Where are you getting your numbers?" Where are you getting yours? Yet you agree that virtually everyone who can get through WPA or WEP can get through MAC address filtering, so are you actually challenging my point or not? "To wit: WPA is cracked, hotspot location and WPA key is posted to semi-public message board, local script kiddies drive by and attempt to connect." Umm, your wifi network is already hacked into by your own admission, and MAC address filtering didn't stop the hackers who would probably do far more damage. Do I think this happens? Sure. Do I care? Heck no, you've been breached! And hey, had you prevented the first intruders possessing a valid key in the first place, those script kiddies wouldn't be getting in, either! You tell me what would prevent the script kiddies from getting in better - securing your network so the original hackers couldn't crack the encryption in the first place, or MAC address filtering? My analogy again is applicable. Is it possible some uh, mentally challenged individual could be invited to come into your house after hannibal lector broke through the steel door, but somehow this mentally impaired individual managed to suffocate himself in the Saran Wrap on the way into the house? Absolutely! (99.9999999999999% chance against that but hey, still possible, right?) Nevermind Hannibal Lecter has already gotten in your house, what's important is the mentally challenged intruders who can't get through the saran wrap didn't get in! "What's the harm in implementing MAC filtering?" Additional administrative overhead for effectively no more additional security. You just made wireless security more of a pain to administer, and you in the end didn't significantly reduce the chance of your network being breached, especially by the most dangerous of hackers. "As I implied in my previous post, this particular attack is specific to WPA-PSK." Dictionary attacks aren't just for WPA-PSK or WEP for that matter. It's used for passwords, too. Do your homework. "A method used to break security systems, specifically password-based security systems, in which the attacker systematically tests all possible passwords beginning with words that have a higher possibility of being used, such as names and places. The word “dictionary” refers to the attacker exhausting all of the words in a dictionary in an attempt to discover the password. Dictionary attacks are typically done with software instead of an individual manually trying each password." It's the same principle. You keep trying every combination until one works. Only difference is there are publicly available tools to crack a WEP key faster than doing just a traditional dictionary attack. However, WPA-PSK the principles are the same, and will be attacked in the same manner as WEP eventually. Capturing traffic will be the first step. "Or do you care more about being right than about actually helping anyone?" I care about helping him increase his effective security without making what he needs to do to keep it secure more complicated than it needs to be. MAC address filtering prevents few attacks (virtually none, which ironically, you seem to agree with me on this point), and adds to what he has to do to get legitimate wireless clients on the wifi network. "Most large scale networks know what the hell is on their networks." Hey, let's stick to SOHO here! You said that a long time ago, so I gotta remind you of that. "Yeah, probably. Even so, why deliberately leave the vulnerability open?" Because the vulnerability is better addressed by doing something other than MAC address filtering (IPSec, Radius Authentication, etc), or MAC address filtering doesn't actually solve the REAL vulnerability. I already explained that you crack the key by analyzing captured traffic, not willy nilly trying random keys on the WAP. Wardrivers that can actually crack WEP keys consistantly know this already, and we're not even talking about WPA. Here's the sad thing - I'm not a hacker, even I know to do this. "Layers, remember?" And that's why you should put a saran wrap door behind your front door to your house! Remember, it may actually cause an intruder to suffocate because they can't figure out how to break through thin plastic even though they got through that new steel front door! You never know! Every bit helps! Secure your door to the fullest, no matter how useless each individual step is. Never mind that maintaining this sheet of Saran Wrap can be a pain. After all, without it, you're vulnerable to anyone who can get through a steel door but can't get through a sheet of saran wrap! Meanwhile, you're not spending time and energy blocking out the people who could get through both, which of all the people who can break through a steel door, virtually all of them can get through the Saran Wrap by your own admission. Before you say this is confusing, you agreed that 99.99999999% of people who can get through WPA can get through MAC address filtering. "Doesn't have to be a fight, heropsycho." You're right. Could just be a discussion. I'm discussing this issue now. "Pat Buchanan, Bob Novak, and G. Gordon Liddy don't like Mark Felt. Mark Felt is truly a great man."

0

And around we go again...

0

Do you just get annoyed when someone will actually debate you? I'm very puzzled. Let me review what I wrote... Nope, no personal attacks there at all, just proved my points and refuted yours. That is discussion and debate, is it not? "Pat Buchanan, Bob Novak, and G. Gordon Liddy don't like Mark Felt. Mark Felt is truly a great man."

0

Oh well, I guess I'll go ahead and strike down MAC address filtering for large corps, too. You suggested that MAC address filtering is used in large scale corps on wifi networks as a means to audit connections to detect intruders after the fact. First of all, you don't need to filter to log. What you're suggesting could be done can still be done without actually filtering. Secondly, actually filtering traffic based on MAC address for better auditing ironically can hurt your chances of detecting unauthorized access. If filtering is not enabled, intruders are less likely to change their MAC address to gain access to your wifi network, but if you enable it, they'll simply change their MAC address. If the hacker was reasonably smart from the get go, they would have already changed their MAC address anyway before they actually connected to the network, so MAC address filtering didn't do squat. If you have maintained a list of the valid MAC addresses, and set up alerts of any MAC addresses that turn up other than those, that would actually be easier to detect than a spoofed MAC address that you effectively forced the hacker to do, since the only sure fire way of detecting that is if the attacker connected to the network at the same time as the device whose MAC address he or she spoofed. Best part is you could still audit for multiple simultaneous instances of a MAC address and setup alerts for that, too. And again, MAC address filtering wouldn't prevent an intruder who broke through WPA, and whatever other security measures a large corporation can afford to implement on top of wireless encryption from getting in because this would be one bad to the bone hacker. Anyway, I hope someone actually learned a bit from this whether it be you or someone else. "Republicans in Congress are moving to ratify a constitutional amendment to ban flag burning, thus ending the Iraq insurgency."

0