At 11:45 AM 5/3/2006, you wrote:
Hours? Not even.
I don't buy that, I haven't seen anything that supports the notion that
spoofing a MAC address is perfunctory. WEP, yes but let's take a step back.
The best defense is to hide in plain sight. Turn off broadcasting. You
can't hack into what you can't see, or don't know is there. I know of no
good reason to have public broadcast of a private WAP. Use a password like
SSID, turn off broadcasting, and enable MAC addressing and you have won
most of the battle. Add WPA encryption, and your done.
No WEP it takes seconds to read the traffic and extract a MAC. WEP takes
longer, but the needed packets can be coerced out of your WAP.
Besides, there's more at stake there than access. What about having
someone capture the traffic and taking it home to decrypt to extract your
personal info & passwords? These days you have war drivers all over doing
shady things because WAP's & tools a common.
While sitting waiting for my mom to come out of doctors office, I scanned
for an open WAP to check my email and actually found a lawyers office in
the same complex with an open WAP, no encryption, no MAC lockdown and
shares up with no password that led to client data. If not for fear of
being charged for theft of computing services, I would have knocked on
their door and offered my services for a fee. This is worse case, but if
had at least been WEP w/ MAC lockdown I would not have simply stumbled
across the shares. Of course in that environment it should be WPA and the
shares locked with 16+ character passwords, or not on the WiFi at all.
Winterlight wrote:
At 01:52 AM 5/3/2006, you wrote:
At 12:15 PM 02/05/2006, joeuser wrote:
7) Wireless network security.
*cough* Lock by MAC address. Don't expect security and why. Wired
better for speed and security.
Locking by MAC address is not secure. It is possible to discover and
spoof MAC addresses - WPA with a very secure key is probably the only security.
yeah possible, but very, very unlikely. Few people have the skills to do
something like that, and I doubt one of them are going to be sitting in
range of your WAP, for hours on end attempting to do so.
