"Roughneck" <Roughn***@discussions.microsoft.com> wrote in message
news:C3A86951-A5A8-47DC-8393-381DA8A25897@microsoft.com...
> Three weeks ago I switched from a dial-up connection to a Qwest DSL
> package.
> I agreed to try a gateway Qwest offers (a 2Wire 2700HG) that has wireless,
> but from what I've been able to determine, it does not alllow/provide for
> MAC
> filtering.  I'm very new to wireless networking, but understand every
> computer has a unique MAC, and that some gateways allow network access to
> be
> limited to specific MACs.
>
> I have WPA-PSK enabled and am using a 63 character key, but to a novice
> (me)
> it's seems like being able to limit access to specific MACs would go a
> long
> way in preventing unwanted access if someone got past the WPA encryption
> key.
> In fact, it seems like it would go a long way to prevent unauthorized
> access
> even if no encyrption was being used.  So I have three questions about MAC
> filtering:
>
> 1) Am I correct in understanding that it will prevent unauthorized access
> even if the encryption key is cracked?
>
> 2) If MAC filtering can't "guarantee" unauthorized users will be denied
> access, how valuable is it generally thought to be?
>
> 3) Should I keep the 2Wire gateway or send it back to Qwest and get a
> gateway that provides MAC filtering?  e.g. I found an Actiontech wireless
> gateway that on the packaging says it provides MAC Address Filtering.
>
> Thanks in advance for any insight you can provide.
> --
> So much to learn... So little time.

"David Hettel" wrote:

> 1) No some programs can be configured to change the MAC address they report.
>
> 2) Depends on who you are talking to and what you are trying to keep someone
> out of. For the right person it's no more effective than an open, unlocked
> door. For many people it's just as effective as wep, or wap. Are you trying
> to keep the average user out of your system, or that one in a thousand or
> perhaps hundred thousand user out?
>
> 3)MAC filtering adds another layer of protection, if it was perfect then
> there would not be all these others form of protection out there. It may
> keep out 999,999 people, out of 1000000 but there is still that guy it's not
> going to keep out if he wants into your system.
>
> There is some risk in every thing we do, you play the odds, or you don't
> play at all.
>
> --
> David Hettel
>
> Please post any reply as a follow-up message in the news group
> for everyone to see.  I'm sorry, but I don't answer questions
> addressed directly to me in E-mail or news groups.
>
> Microsoft Most Valuable Professional Program
> http://mvp.support.microsoft.com
>
> DISCLAIMER: This posting is provided "AS IS" with no warranties, and
> confers no rights
>
>
> "Roughneck" <Roughn***@discussions.microsoft.com> wrote in message
> news:C3A86951-A5A8-47DC-8393-381DA8A25897@microsoft.com...
> > Three weeks ago I switched from a dial-up connection to a Qwest DSL
> > package.
> > I agreed to try a gateway Qwest offers (a 2Wire 2700HG) that has wireless,
> > but from what I've been able to determine, it does not alllow/provide for
> > MAC
> > filtering.  I'm very new to wireless networking, but understand every
> > computer has a unique MAC, and that some gateways allow network access to
> > be
> > limited to specific MACs.
> >
> > I have WPA-PSK enabled and am using a 63 character key, but to a novice
> > (me)
> > it's seems like being able to limit access to specific MACs would go a
> > long
> > way in preventing unwanted access if someone got past the WPA encryption
> > key.
> > In fact, it seems like it would go a long way to prevent unauthorized
> > access
> > even if no encyrption was being used.  So I have three questions about MAC
> > filtering:
> >
> > 1) Am I correct in understanding that it will prevent unauthorized access
> > even if the encryption key is cracked?
> >
> > 2) If MAC filtering can't "guarantee" unauthorized users will be denied
> > access, how valuable is it generally thought to be?
> >
> > 3) Should I keep the 2Wire gateway or send it back to Qwest and get a
> > gateway that provides MAC filtering?  e.g. I found an Actiontech wireless
> > gateway that on the packaging says it provides MAC Address Filtering.
> >
> > Thanks in advance for any insight you can provide.
> > --
> > So much to learn... So little time.
>
>
>

"Roughneck" <Roughn***@discussions.microsoft.com> wrote in message
news:9D09C3A3-90C9-4E98-B14B-7593F3BEE127@microsoft.com...
> David, thanks for responding to yet another of my questions.  I really
> appreciate your help.
>
> 1)  I had a hunch there were ways for someone to change a MAC and that if
> the MAC could be changed that MAC filtering wasn't a magic bullet.
>
> 2)  For the "most" part, I'd say I want to keep out the average user.  We
> live in a house on a back/side street in a suburban area.  I can't say I
> know
> "all" of our neighbors "real" good, but I am "acquainted" with most of
> them
> and would say our security risk is fairly low in terms of someone wanting
> to
> do us harm.  But... at the same time, I do want to understand the
> "technical"
> risks and remedies associated with a wireless network, because neighbors
> come
> and go.  And while we have almost no traffic on our street other than the
> people who live in the neighborhood, I realize anyone could park on the
> street and get our signal.  I'm also aware of the fact that kids have many
> toys these days that can be used to access a wireless system.  We  have
> many
> kids in the neighborhood and while I don't expect they would try to do us
> harm, I don't want to be an avenue for them to gain access to things they
> shouldn't.  Finally, I know we have at least two other wireless systems in
> use by our neighbors because we pick up their signals.  If we can pick up
> theirs, I figure they can pick up ours.  Again, I don't think they would
> try
> to harm our network, but I want to control who accesses it and when.
>
> 3)  O.K., I suppose that if someone is able to crack the strongest
> encryption key that WPA-PSK can provide, they'd be able to crack the MAC
> even
> easier.  In other words, using MAC filtering in addition to encryption is
> just a delaying tactic.   Have you ever read/heard any comparison between
> how
> hard it would be to come up with the right MAC versus cracking a random 63
> character WPA-PSK encryption key?  I'm guessing the MAC would be much
> easier.
> --
> So much to learn... So little time.
>
>
> "David Hettel" wrote:
>
>> 1) No some programs can be configured to change the MAC address they
>> report.
>>
>> 2) Depends on who you are talking to and what you are trying to keep
>> someone
>> out of. For the right person it's no more effective than an open,
>> unlocked
>> door. For many people it's just as effective as wep, or wap. Are you
>> trying
>> to keep the average user out of your system, or that one in a thousand or
>> perhaps hundred thousand user out?
>>
>> 3)MAC filtering adds another layer of protection, if it was perfect then
>> there would not be all these others form of protection out there. It may
>> keep out 999,999 people, out of 1000000 but there is still that guy it's
>> not
>> going to keep out if he wants into your system.
>>
>> There is some risk in every thing we do, you play the odds, or you don't
>> play at all.
>>
>> --
>> David Hettel
>>
>> Please post any reply as a follow-up message in the news group
>> for everyone to see.  I'm sorry, but I don't answer questions
>> addressed directly to me in E-mail or news groups.
>>
>> Microsoft Most Valuable Professional Program
>> http://mvp.support.microsoft.com
>>
>> DISCLAIMER: This posting is provided "AS IS" with no warranties, and
>> confers no rights
>>
>>
>> "Roughneck" <Roughn***@discussions.microsoft.com> wrote in message
>> news:C3A86951-A5A8-47DC-8393-381DA8A25897@microsoft.com...
>> > Three weeks ago I switched from a dial-up connection to a Qwest DSL
>> > package.
>> > I agreed to try a gateway Qwest offers (a 2Wire 2700HG) that has
>> > wireless,
>> > but from what I've been able to determine, it does not alllow/provide
>> > for
>> > MAC
>> > filtering.  I'm very new to wireless networking, but understand every
>> > computer has a unique MAC, and that some gateways allow network access
>> > to
>> > be
>> > limited to specific MACs.
>> >
>> > I have WPA-PSK enabled and am using a 63 character key, but to a novice
>> > (me)
>> > it's seems like being able to limit access to specific MACs would go a
>> > long
>> > way in preventing unwanted access if someone got past the WPA
>> > encryption
>> > key.
>> > In fact, it seems like it would go a long way to prevent unauthorized
>> > access
>> > even if no encyrption was being used.  So I have three questions about
>> > MAC
>> > filtering:
>> >
>> > 1) Am I correct in understanding that it will prevent unauthorized
>> > access
>> > even if the encryption key is cracked?
>> >
>> > 2) If MAC filtering can't "guarantee" unauthorized users will be denied
>> > access, how valuable is it generally thought to be?
>> >
>> > 3) Should I keep the 2Wire gateway or send it back to Qwest and get a
>> > gateway that provides MAC filtering?  e.g. I found an Actiontech
>> > wireless
>> > gateway that on the packaging says it provides MAC Address Filtering.
>> >
>> > Thanks in advance for any insight you can provide.
>> > --
>> > So much to learn... So little time.
>>
>>
>>

"David Hettel" wrote:

> Yes it child's play to come up with a MAC address, they are in every packet
> sent in your network. Once one "know" how to read the network traffic the
> system is basically theirs. Today one can download a program from the
> internet that will copy and store your network traffic, then one can take
> this data, and run it through another program that will tell you the key.
> Now it's possible for someone, say a teenager to obtain these kinds of
> programs and play with them. They are basically following someone else's
> instructions without truly understanding what they are doing. The more
> layers of protection you have the more likely you are to frustrate these
> kinds of threats.
>
> For someone who truly understands what they are doing, and has the desire
> and time, you can't keep them out. The best you can hope for is to not come
> to the attention of someone like that.
>
> --
> David Hettel
>
> Please post any reply as a follow-up message in the news group
> for everyone to see.  I'm sorry, but I don't answer questions
> addressed directly to me in E-mail or news groups.
>
> Microsoft Most Valuable Professional Program
> http://mvp.support.microsoft.com
>
> DISCLAIMER: This posting is provided "AS IS" with no warranties, and
> confers no rights
>
>
> "Roughneck" <Roughn***@discussions.microsoft.com> wrote in message
> news:9D09C3A3-90C9-4E98-B14B-7593F3BEE127@microsoft.com...
> > David, thanks for responding to yet another of my questions.  I really
> > appreciate your help.
> >
> > 1)  I had a hunch there were ways for someone to change a MAC and that if
> > the MAC could be changed that MAC filtering wasn't a magic bullet.
> >
> > 2)  For the "most" part, I'd say I want to keep out the average user.  We
> > live in a house on a back/side street in a suburban area.  I can't say I
> > know
> > "all" of our neighbors "real" good, but I am "acquainted" with most of
> > them
> > and would say our security risk is fairly low in terms of someone wanting
> > to
> > do us harm.  But... at the same time, I do want to understand the
> > "technical"
> > risks and remedies associated with a wireless network, because neighbors
> > come
> > and go.  And while we have almost no traffic on our street other than the
> > people who live in the neighborhood, I realize anyone could park on the
> > street and get our signal.  I'm also aware of the fact that kids have many
> > toys these days that can be used to access a wireless system.  We  have
> > many
> > kids in the neighborhood and while I don't expect they would try to do us
> > harm, I don't want to be an avenue for them to gain access to things they
> > shouldn't.  Finally, I know we have at least two other wireless systems in
> > use by our neighbors because we pick up their signals.  If we can pick up
> > theirs, I figure they can pick up ours.  Again, I don't think they would
> > try
> > to harm our network, but I want to control who accesses it and when.
> >
> > 3)  O.K., I suppose that if someone is able to crack the strongest
> > encryption key that WPA-PSK can provide, they'd be able to crack the MAC
> > even
> > easier.  In other words, using MAC filtering in addition to encryption is
> > just a delaying tactic.   Have you ever read/heard any comparison between
> > how
> > hard it would be to come up with the right MAC versus cracking a random 63
> > character WPA-PSK encryption key?  I'm guessing the MAC would be much
> > easier.
> > --
> > So much to learn... So little time.
> >
> >
> > "David Hettel" wrote:
> >
> >> 1) No some programs can be configured to change the MAC address they
> >> report.
> >>
> >> 2) Depends on who you are talking to and what you are trying to keep
> >> someone
> >> out of. For the right person it's no more effective than an open,
> >> unlocked
> >> door. For many people it's just as effective as wep, or wap. Are you
> >> trying
> >> to keep the average user out of your system, or that one in a thousand or
> >> perhaps hundred thousand user out?
> >>
> >> 3)MAC filtering adds another layer of protection, if it was perfect then
> >> there would not be all these others form of protection out there. It may
> >> keep out 999,999 people, out of 1000000 but there is still that guy it's
> >> not
> >> going to keep out if he wants into your system.
> >>
> >> There is some risk in every thing we do, you play the odds, or you don't
> >> play at all.
> >>
> >> --
> >> David Hettel
> >>
> >> Please post any reply as a follow-up message in the news group
> >> for everyone to see.  I'm sorry, but I don't answer questions
> >> addressed directly to me in E-mail or news groups.
> >>
> >> Microsoft Most Valuable Professional Program
> >> http://mvp.support.microsoft.com
> >>
> >> DISCLAIMER: This posting is provided "AS IS" with no warranties, and
> >> confers no rights
> >>
> >>
> >> "Roughneck" <Roughn***@discussions.microsoft.com> wrote in message
> >> news:C3A86951-A5A8-47DC-8393-381DA8A25897@microsoft.com...
> >> > Three weeks ago I switched from a dial-up connection to a Qwest DSL
> >> > package.
> >> > I agreed to try a gateway Qwest offers (a 2Wire 2700HG) that has
> >> > wireless,
> >> > but from what I've been able to determine, it does not alllow/provide
> >> > for
> >> > MAC
> >> > filtering.  I'm very new to wireless networking, but understand every
> >> > computer has a unique MAC, and that some gateways allow network access
> >> > to
> >> > be
> >> > limited to specific MACs.
> >> >
> >> > I have WPA-PSK enabled and am using a 63 character key, but to a novice
> >> > (me)
> >> > it's seems like being able to limit access to specific MACs would go a
> >> > long
> >> > way in preventing unwanted access if someone got past the WPA
> >> > encryption
> >> > key.
> >> > In fact, it seems like it would go a long way to prevent unauthorized
> >> > access
> >> > even if no encyrption was being used.  So I have three questions about
> >> > MAC
> >> > filtering:
> >> >
> >> > 1) Am I correct in understanding that it will prevent unauthorized
> >> > access
> >> > even if the encryption key is cracked?
> >> >
> >> > 2) If MAC filtering can't "guarantee" unauthorized users will be denied
> >> > access, how valuable is it generally thought to be?
> >> >
> >> > 3) Should I keep the 2Wire gateway or send it back to Qwest and get a
> >> > gateway that provides MAC filtering?  e.g. I found an Actiontech
> >> > wireless
> >> > gateway that on the packaging says it provides MAC Address Filtering.
> >> >
> >> > Thanks in advance for any insight you can provide.
> >> > --
> >> > So much to learn... So little time.
> >>
> >>
> >>
>
>
>

"Roughneck" <Roughn***@discussions.microsoft.com> wrote in message
news:888789E2-5DD3-4D7A-8A7F-8D6B027F075F@microsoft.com...
> ---------------------------------------------------------------------------------------------
> "Today one can download a program from the
> internet that will copy and store your network traffic, then one can take
> this data, and run it through another program that will tell you the key."
> ---------------------------------------------------------------------------------------------
>
> Ouch!  So they can actually capture and read/decipher the WPA key, huh?
> I'll have to go back and re-read some WPA related articles.  I was under
> the
> impression that with WPA, even the keys were encrypted so that if a packet
> was interecepted, the interceptor still couldn't read it.  But if an
> intruder
> can not only capture the packet, but also read/decipher the WPA key, I
> assume
> they could then gain access to the network if they did so before WPA
> changed
> the key again.  True?  And once they're in, they're in for as long as the
> wirless feature is enabled on the gateway and I don't manually change the
> WPA-PSK key.
> --
> So much to learn... So little time.
>
>
> "David Hettel" wrote:
>
>> Yes it child's play to come up with a MAC address, they are in every
>> packet
>> sent in your network. Once one "know" how to read the network traffic the
>> system is basically theirs. Today one can download a program from the
>> internet that will copy and store your network traffic, then one can take
>> this data, and run it through another program that will tell you the key.
>> Now it's possible for someone, say a teenager to obtain these kinds of
>> programs and play with them. They are basically following someone else's
>> instructions without truly understanding what they are doing. The more
>> layers of protection you have the more likely you are to frustrate these
>> kinds of threats.
>>
>> For someone who truly understands what they are doing, and has the desire
>> and time, you can't keep them out. The best you can hope for is to not
>> come
>> to the attention of someone like that.
>>
>> --
>> David Hettel
>>
>> Please post any reply as a follow-up message in the news group
>> for everyone to see.  I'm sorry, but I don't answer questions
>> addressed directly to me in E-mail or news groups.
>>
>> Microsoft Most Valuable Professional Program
>> http://mvp.support.microsoft.com
>>
>> DISCLAIMER: This posting is provided "AS IS" with no warranties, and
>> confers no rights
>>
>>
>> "Roughneck" <Roughn***@discussions.microsoft.com> wrote in message
>> news:9D09C3A3-90C9-4E98-B14B-7593F3BEE127@microsoft.com...
>> > David, thanks for responding to yet another of my questions.  I really
>> > appreciate your help.
>> >
>> > 1)  I had a hunch there were ways for someone to change a MAC and that
>> > if
>> > the MAC could be changed that MAC filtering wasn't a magic bullet.
>> >
>> > 2)  For the "most" part, I'd say I want to keep out the average user.
>> > We
>> > live in a house on a back/side street in a suburban area.  I can't say
>> > I
>> > know
>> > "all" of our neighbors "real" good, but I am "acquainted" with most of
>> > them
>> > and would say our security risk is fairly low in terms of someone
>> > wanting
>> > to
>> > do us harm.  But... at the same time, I do want to understand the
>> > "technical"
>> > risks and remedies associated with a wireless network, because
>> > neighbors
>> > come
>> > and go.  And while we have almost no traffic on our street other than
>> > the
>> > people who live in the neighborhood, I realize anyone could park on the
>> > street and get our signal.  I'm also aware of the fact that kids have
>> > many
>> > toys these days that can be used to access a wireless system.  We  have
>> > many
>> > kids in the neighborhood and while I don't expect they would try to do
>> > us
>> > harm, I don't want to be an avenue for them to gain access to things
>> > they
>> > shouldn't.  Finally, I know we have at least two other wireless systems
>> > in
>> > use by our neighbors because we pick up their signals.  If we can pick
>> > up
>> > theirs, I figure they can pick up ours.  Again, I don't think they
>> > would
>> > try
>> > to harm our network, but I want to control who accesses it and when.
>> >
>> > 3)  O.K., I suppose that if someone is able to crack the strongest
>> > encryption key that WPA-PSK can provide, they'd be able to crack the
>> > MAC
>> > even
>> > easier.  In other words, using MAC filtering in addition to encryption
>> > is
>> > just a delaying tactic.   Have you ever read/heard any comparison
>> > between
>> > how
>> > hard it would be to come up with the right MAC versus cracking a random
>> > 63
>> > character WPA-PSK encryption key?  I'm guessing the MAC would be much
>> > easier.
>> > --
>> > So much to learn... So little time.
>> >
>> >
>> > "David Hettel" wrote:
>> >
>> >> 1) No some programs can be configured to change the MAC address they
>> >> report.
>> >>
>> >> 2) Depends on who you are talking to and what you are trying to keep
>> >> someone
>> >> out of. For the right person it's no more effective than an open,
>> >> unlocked
>> >> door. For many people it's just as effective as wep, or wap. Are you
>> >> trying
>> >> to keep the average user out of your system, or that one in a thousand
>> >> or
>> >> perhaps hundred thousand user out?
>> >>
>> >> 3)MAC filtering adds another layer of protection, if it was perfect
>> >> then
>> >> there would not be all these others form of protection out there. It
>> >> may
>> >> keep out 999,999 people, out of 1000000 but there is still that guy
>> >> it's
>> >> not
>> >> going to keep out if he wants into your system.
>> >>
>> >> There is some risk in every thing we do, you play the odds, or you
>> >> don't
>> >> play at all.
>> >>
>> >> --
>> >> David Hettel
>> >>
>> >> Please post any reply as a follow-up message in the news group
>> >> for everyone to see.  I'm sorry, but I don't answer questions
>> >> addressed directly to me in E-mail or news groups.
>> >>
>> >> Microsoft Most Valuable Professional Program
>> >> http://mvp.support.microsoft.com
>> >>
>> >> DISCLAIMER: This posting is provided "AS IS" with no warranties, and
>> >> confers no rights
>> >>
>> >>
>> >> "Roughneck" <Roughn***@discussions.microsoft.com> wrote in message
>> >> news:C3A86951-A5A8-47DC-8393-381DA8A25897@microsoft.com...
>> >> > Three weeks ago I switched from a dial-up connection to a Qwest DSL
>> >> > package.
>> >> > I agreed to try a gateway Qwest offers (a 2Wire 2700HG) that has
>> >> > wireless,
>> >> > but from what I've been able to determine, it does not
>> >> > alllow/provide
>> >> > for
>> >> > MAC
>> >> > filtering.  I'm very new to wireless networking, but understand
>> >> > every
>> >> > computer has a unique MAC, and that some gateways allow network
>> >> > access
>> >> > to
>> >> > be
>> >> > limited to specific MACs.
>> >> >
>> >> > I have WPA-PSK enabled and am using a 63 character key, but to a
>> >> > novice
>> >> > (me)
>> >> > it's seems like being able to limit access to specific MACs would go
>> >> > a
>> >> > long
>> >> > way in preventing unwanted access if someone got past the WPA
>> >> > encryption
>> >> > key.
>> >> > In fact, it seems like it would go a long way to prevent
>> >> > unauthorized
>> >> > access
>> >> > even if no encyrption was being used.  So I have three questions
>> >> > about
>> >> > MAC
>> >> > filtering:
>> >> >
>> >> > 1) Am I correct in understanding that it will prevent unauthorized
>> >> > access
>> >> > even if the encryption key is cracked?
>> >> >
>> >> > 2) If MAC filtering can't "guarantee" unauthorized users will be
>> >> > denied
>> >> > access, how valuable is it generally thought to be?
>> >> >
>> >> > 3) Should I keep the 2Wire gateway or send it back to Qwest and get
>> >> > a
>> >> > gateway that provides MAC filtering?  e.g. I found an Actiontech
>> >> > wireless
>> >> > gateway that on the packaging says it provides MAC Address
>> >> > Filtering.
>> >> >
>> >> > Thanks in advance for any insight you can provide.
>> >> > --
>> >> > So much to learn... So little time.
>> >>
>> >>
>> >>
>>
>>
>>

"David Hettel" wrote:

> Yes it's true that the key is encrypted, but with enough data the key can be
> decoded, and it is possible to send things, that will cause the network to
> transmit the kind of packets that are needed to decode the key.
>
> --
> David Hettel
>
> Please post any reply as a follow-up message in the news group
> for everyone to see.  I'm sorry, but I don't answer questions
> addressed directly to me in E-mail or news groups.
>
> Microsoft Most Valuable Professional Program
> http://mvp.support.microsoft.com
>
> DISCLAIMER: This posting is provided "AS IS" with no warranties, and
> confers no rights
>
>
> "Roughneck" <Roughn***@discussions.microsoft.com> wrote in message
> news:888789E2-5DD3-4D7A-8A7F-8D6B027F075F@microsoft.com...
> > ---------------------------------------------------------------------------------------------
> > "Today one can download a program from the
> > internet that will copy and store your network traffic, then one can take
> > this data, and run it through another program that will tell you the key."
> > ---------------------------------------------------------------------------------------------
> >
> > Ouch!  So they can actually capture and read/decipher the WPA key, huh?
> > I'll have to go back and re-read some WPA related articles.  I was under
> > the
> > impression that with WPA, even the keys were encrypted so that if a packet
> > was interecepted, the interceptor still couldn't read it.  But if an
> > intruder
> > can not only capture the packet, but also read/decipher the WPA key, I
> > assume
> > they could then gain access to the network if they did so before WPA
> > changed
> > the key again.  True?  And once they're in, they're in for as long as the
> > wirless feature is enabled on the gateway and I don't manually change the
> > WPA-PSK key.
> > --
> > So much to learn... So little time.
> >
> >
> > "David Hettel" wrote:
> >
> >> Yes it child's play to come up with a MAC address, they are in every
> >> packet
> >> sent in your network. Once one "know" how to read the network traffic the
> >> system is basically theirs. Today one can download a program from the
> >> internet that will copy and store your network traffic, then one can take
> >> this data, and run it through another program that will tell you the key.
> >> Now it's possible for someone, say a teenager to obtain these kinds of
> >> programs and play with them. They are basically following someone else's
> >> instructions without truly understanding what they are doing. The more
> >> layers of protection you have the more likely you are to frustrate these
> >> kinds of threats.
> >>
> >> For someone who truly understands what they are doing, and has the desire
> >> and time, you can't keep them out. The best you can hope for is to not
> >> come
> >> to the attention of someone like that.
> >>
> >> --
> >> David Hettel
> >>
> >> Please post any reply as a follow-up message in the news group
> >> for everyone to see.  I'm sorry, but I don't answer questions
> >> addressed directly to me in E-mail or news groups.
> >>
> >> Microsoft Most Valuable Professional Program
> >> http://mvp.support.microsoft.com
> >>
> >> DISCLAIMER: This posting is provided "AS IS" with no warranties, and
> >> confers no rights
> >>
> >>
> >> "Roughneck" <Roughn***@discussions.microsoft.com> wrote in message
> >> news:9D09C3A3-90C9-4E98-B14B-7593F3BEE127@microsoft.com...
> >> > David, thanks for responding to yet another of my questions.  I really
> >> > appreciate your help.
> >> >
> >> > 1)  I had a hunch there were ways for someone to change a MAC and that
> >> > if
> >> > the MAC could be changed that MAC filtering wasn't a magic bullet.
> >> >
> >> > 2)  For the "most" part, I'd say I want to keep out the average user.
> >> > We
> >> > live in a house on a back/side street in a suburban area.  I can't say
> >> > I
> >> > know
> >> > "all" of our neighbors "real" good, but I am "acquainted" with most of
> >> > them
> >> > and would say our security risk is fairly low in terms of someone
> >> > wanting
> >> > to
> >> > do us harm.  But... at the same time, I do want to understand the
> >> > "technical"
> >> > risks and remedies associated with a wireless network, because
> >> > neighbors
> >> > come
> >> > and go.  And while we have almost no traffic on our street other than
> >> > the
> >> > people who live in the neighborhood, I realize anyone could park on the
> >> > street and get our signal.  I'm also aware of the fact that kids have
> >> > many
> >> > toys these days that can be used to access a wireless system.  We  have
> >> > many
> >> > kids in the neighborhood and while I don't expect they would try to do
> >> > us
> >> > harm, I don't want to be an avenue for them to gain access to things
> >> > they
> >> > shouldn't.  Finally, I know we have at least two other wireless systems
> >> > in
> >> > use by our neighbors because we pick up their signals.  If we can pick
> >> > up
> >> > theirs, I figure they can pick up ours.  Again, I don't think they
> >> > would
> >> > try
> >> > to harm our network, but I want to control who accesses it and when.
> >> >
> >> > 3)  O.K., I suppose that if someone is able to crack the strongest
> >> > encryption key that WPA-PSK can provide, they'd be able to crack the
> >> > MAC
> >> > even
> >> > easier.  In other words, using MAC filtering in addition to encryption
> >> > is
> >> > just a delaying tactic.   Have you ever read/heard any comparison
> >> > between
> >> > how
> >> > hard it would be to come up with the right MAC versus cracking a random
> >> > 63
> >> > character WPA-PSK encryption key?  I'm guessing the MAC would be much
> >> > easier.
> >> > --
> >> > So much to learn... So little time.
> >> >
> >> >
> >> > "David Hettel" wrote:
> >> >
> >> >> 1) No some programs can be configured to change the MAC address they
> >> >> report.
> >> >>
> >> >> 2) Depends on who you are talking to and what you are trying to keep
> >> >> someone
> >> >> out of. For the right person it's no more effective than an open,
> >> >> unlocked
> >> >> door. For many people it's just as effective as wep, or wap. Are you
> >> >> trying
> >> >> to keep the average user out of your system, or that one in a thousand
> >> >> or
> >> >> perhaps hundred thousand user out?
> >> >>
> >> >> 3)MAC filtering adds another layer of protection, if it was perfect
> >> >> then
> >> >> there would not be all these others form of protection out there. It
> >> >> may
> >> >> keep out 999,999 people, out of 1000000 but there is still that guy
> >> >> it's
> >> >> not
> >> >> going to keep out if he wants into your system.
> >> >>
> >> >> There is some risk in every thing we do, you play the odds, or you
> >> >> don't
> >> >> play at all.
> >> >>
> >> >> --
> >> >> David Hettel
> >> >>
> >> >> Please post any reply as a follow-up message in the news group
> >> >> for everyone to see.  I'm sorry, but I don't answer questions
> >> >> addressed directly to me in E-mail or news groups.
> >> >>
> >> >> Microsoft Most Valuable Professional Program
> >> >> http://mvp.support.microsoft.com
> >> >>
> >> >> DISCLAIMER: This posting is provided "AS IS" with no warranties, and
> >> >> confers no rights
> >> >>
> >> >>
> >> >> "Roughneck" <Roughn***@discussions.microsoft.com> wrote in message
> >> >> news:C3A86951-A5A8-47DC-8393-381DA8A25897@microsoft.com...
> >> >> > Three weeks ago I switched from a dial-up connection to a Qwest DSL
> >> >> > package.
> >> >> > I agreed to try a gateway Qwest offers (a 2Wire 2700HG) that has
> >> >> > wireless,
> >> >> > but from what I've been able to determine, it does not
> >> >> > alllow/provide
> >> >> > for
> >> >> > MAC
> >> >> > filtering.  I'm very new to wireless networking, but understand
> >> >> > every
> >> >> > computer has a unique MAC, and that some gateways allow network
> >> >> > access
> >> >> > to
> >> >> > be
> >> >> > limited to specific MACs.
> >> >> >
> >> >> > I have WPA-PSK enabled and am using a 63 character key, but to a
> >> >> > novice
> >> >> > (me)
> >> >> > it's seems like being able to limit access to specific MACs would go
> >> >> > a
> >> >> > long
> >> >> > way in preventing unwanted access if someone got past the WPA
> >> >> > encryption
> >> >> > key.
> >> >> > In fact, it seems like it would go a long way to prevent
> >> >> > unauthorized
> >> >> > access
> >> >> > even if no encyrption was being used.  So I have three questions
> >> >> > about
> >> >> > MAC
> >> >> > filtering:
> >> >> >
> >> >> > 1) Am I correct in understanding that it will prevent unauthorized
> >> >> > access
> >> >> > even if the encryption key is cracked?
> >> >> >
> >> >> > 2) If MAC filtering can't "guarantee" unauthorized users will be
> >> >> > denied
> >> >> > access, how valuable is it generally thought to be?
> >> >> >
> >> >> > 3) Should I keep the 2Wire gateway or send it back to Qwest and get
> >> >> > a
> >> >> > gateway that provides MAC filtering?  e.g. I found an Actiontech
> >> >> > wireless
> >> >> > gateway that on the packaging says it provides MAC Address
> >> >> > Filtering.
> >> >> >
> >> >> > Thanks in advance for any insight you can provide.
> >> >> > --
> >> >> > So much to learn... So little time.
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>