[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Mac Address Filter
On Mon, 10 Jun 2002, Chris wrote:
> It is handy for keeping not-very-dedicated would-be theives from using
> your wireless network for their own net usage without first spending
> time snooping on it. I know some people who (erroneously) think you
> need a soldering iron to change MAC IDs, so the technique clearly
> thwarts some fraction of persons seeking unpermitted access.
> Foolproof? Of course not. But it is not useless. It is one layer to
> slow down those who would consume resources, and makes other targets
> look more appetizing. You don't need to outrun bears, sometimes, just
> other hikers :-)
> PS some reason to hate MAC-based filtering, of which I should be
> alerted? :-)
Problem: bears can be *very* painful.
Temporary Solution: run faster than other hikers.
Permanent Solution: wear a bear-proof suit - http://www.nfb.ca/grizzly/
That is, based on other concepts promoted by OpenBSD (such as removal of
r* tools, secure by default goals, unacceptance of Stephanie, etc), MAC
based addressing provides a false or temporary sense of security, as
opposed to being a well-thought out solution.
Add in limited resources, viable alternatives, and you have no MAC
filtering. though MAC filtering might be a useful tool in a couple
situations and a possible deterrent (do script kiddies despise google
searching for solutions as much as newbies?), i'd much rather have an
ever-increasingly stable system with more robust, truly secure features.
At least that's my understanding of the situation.