On Wed, Apr 6, 2011 at 11:17 AM, Elazar Leibovich <[email protected]> wrote:
> > > On Wed, Apr 6, 2011 at 10:26 AM, shimi <[email protected]> wrote: > >> >> Changing your MAC is pretty trivial... >> > > Yeah, but guessing which MAC is in my whitelist is less so. So if an > attacker want to spoof his MAC address he has to sniff for a MAC address, > (which means he can do that only when my computer is on). I'm not familiar > with the WiFi protocol, but I'm sending the MAC only in the handshake phase > it's even harder to spoof your MAC. > > I'm not trying to avoid the NSA, the attack vector I'm trying to prevent is > a random vandals. A vicious attacker can simply knock on my door and ask to > use my computer to check when his flight is leaving. > You don't need to guess if you can passively get them, courtesy to active network traffic... "my computer isn't always on" is like putting your head in the sand :) If you want to stop random vandals, just have your network with encryption and don't publish the key. If you open anonymous access... it would be open. If not going VLAN-way, your other choice is to not allow connections coming from the outside at all (to all the computers in your LAN - easy in Linux, difficult if you also have Redmond) - and just run some OpenVPN server on the Linux to have things open (authentication + encryption). -- Shimi
_______________________________________________ Linux-il mailing list [email protected] http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
