Re: Mac Address Filter
On Mon, 10 Jun 2002, Chris wrote:
> It is handy for keeping not-very-dedicated would-be thieves from using
> your wireless network for their own net usage without first spending
> time snooping on it. I know some people who (erroneously) think you
> need a soldering iron to change MAC IDs, so the technique clearly
> thwarts some fraction of persons seeking unpermitted access.
> Foolproof? Of course not. But it is not useless. It is one layer to
> slow down those who would consume resources, and makes other targets
> look more appetizing. You don't need to outrun bears, sometimes, just
> other hikers :-)
>
> --Chris
>
> PS some reason to hate MAC-based filtering, of which I should be
> alerted? :-)
Problem: bears can be *very* painful.
Temporary Solution: run faster than other hikers.
Permanent Solution: wear a bear-proof suit - http://www.nfb.ca/grizzly/
That is, based on other concepts promoted by OpenBSD (such as removal of
r* tools, secure by default goals, unacceptance of Stephanie, etc.), MAC-
based addressing provides a false or temporary sense of security, as
opposed to being a well-thought-out solution.
Add in limited resources, viable alternatives, and you have no MAC
filtering. Though MAC filtering might be a useful tool in a couple
situations and a possible deterrent (do script kiddies despise Google
searching for solutions as much as newbies?), I'd much rather have an
ever-increasingly stable system with more robust, truly secure features.
At least that's my understanding of the situation.
-f
http://www.blackant.net/