Yup, you're quite right, I was wrong on this one alright. I didn't intend my answer to be taken up as a whole soln, although looking at my post I made very little effort to clarify this. So seeing as my lame idea got shot down, I have a question: is there any point in putting in mac filters then? If you're going to use something else to authenticate the hosts joining the network, what's the point? Is there anything to be actually gained by it? I thought it was a good thing to add in anyways, as it is a simple thing to do and it's an extra check, albeit an easily circumvented one.

On Fri, 8 Aug 2003, David wrote:

> Rory, the first packet from the wireless client that is sniffed gives away
> the mac address.
> Unless you tunnel the wireless connection, the mac address is out in the
> open, not encrypted. ipsec won't help either. same deal. and if you vpn
> tunnel, you have to be able to DENY the mac addresses on the two sides of
> the tunnel, so that when they sniff the tunnel, they don't use THOSE mac's.
> Maybe you want to withdraw your comment on this
>
> -----Original Message-----
> From: Rory [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 08, 2003 12:23 AM
> To: netsec novice
> Cc: [EMAIL PROTECTED]
> Subject: Re: Network scanning
>
> for the wireless stuff I would just do mac filtering, any host that is not
> in the list of mac addresses is not allowed to join the wireless network. Of
> course the network traffic can still be sniffed using any laptop but you
> can just encrypt the traffic over wireless as you suggested. The mac
> filtering is something easy to set up and makes sure you don't end up
> handing out access to the network to some dude out in the parking lot.
>
> As for the other stuff I'm not too sure as SNMP is not something I have
> used, running a snort box in the network checking for scanning activity is
> also a good precaution that way you are also guarding against any unhappy
> employees looking to make your job harder.
>
> On Thu, 7 Aug 2003, netsec novice wrote:
>
> > Are there tools out there that would allow system administrators to be
> > notified when a new workstation attaches to a network? I'm thinking both
> > wireless and ethernet in this case. SNMP maybe? I am in a credit union
> > environment and my concern is that someone would be able to steal an
> > existing jack or a jack that is not physically protected but live and be
> > able to capture traffic or do reconnaissance. We don't have Wireless access
> > at this point but may look to it in the future. My only thought in that
> > case would be to encrypt all traffic since wireless security is a bit scary
> > at this point. Any ideas?
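
An added example, not part of the original messages: a sketch of the "notify me when a new workstation attaches" check asked about in the thread, which also flags a listed MAC showing up in a second place, since a MAC filter alone cannot tell a cloned address from the real host. The inventory, port names and observation format are constructed assumptions (for instance, data polled from switch forwarding tables or AP association lists).

```python
# Constructed inventory: MAC -> port/AP where that host is expected.
# Assumption for this sketch: each host is pinned to one port or AP.
INVENTORY = {
    "00:11:22:33:44:55": "sw1/3",
    "00:11:22:33:44:66": "sw1/4",
    "00:11:22:33:44:77": "ap1",
}

# Constructed observations: (seconds, port, MAC).
OBSERVATIONS = [
    (0,   "sw1/3", "00:11:22:33:44:55"),
    (5,   "sw1/4", "00:11:22:33:44:66"),
    (10,  "ap1",   "00:11:22:33:44:77"),
    (60,  "sw1/9", "00:AA:BB:CC:DD:EE"),  # unlisted MAC on a spare jack
    (65,  "ap1",   "00:11:22:33:44:77"),
    (70,  "ap2",   "00:11:22:33:44:77"),  # listed MAC, second AP, 5 s later
    (400, "sw1/4", "00:11:22:33:44:66"),
]

def normalise(mac):
    """Canonical form so 00-AA-... and 00:aa:... compare equal."""
    return mac.strip().lower().replace("-", ":")

def review(observations, inventory, window=30):
    """Return alerts as (time, kind, mac, port) tuples, in time order."""
    known = {normalise(m): port for m, port in inventory.items()}
    last_seen = {}         # mac -> (time, port) of the previous sighting
    reported_new = set()   # report each unlisted MAC only once
    alerts = []
    for ts, port, mac in sorted(observations):
        mac = normalise(mac)
        if mac not in known:
            if mac not in reported_new:
                alerts.append((ts, "NEW_DEVICE", mac, port))
                reported_new.add(mac)
        else:
            if port != known[mac]:
                alerts.append((ts, "UNEXPECTED_PORT", mac, port))
            prev = last_seen.get(mac)
            # Same MAC on two different ports within the window: the address
            # passes a MAC filter either way, so this needs a human look.
            if prev and prev[1] != port and ts - prev[0] <= window:
                alerts.append((ts, "MAC_IN_TWO_PLACES", mac, port))
        last_seen[mac] = (ts, port)
    return alerts

if __name__ == "__main__":
    for alert in review(OBSERVATIONS, INVENTORY):
        print(*alert)
```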