April 8, 2012 Off

Why MAC address filtering is not perfect

By in Operating Systems

MAC addresses – which are different for each device on your network – may seem to be the perfect way to keep out intruders, but there’s a catch. Since you can change the MAC address on most modern hardware, someone could theoretically connect to a filtered network by spoofing the MAC address.

This makes the MAC address somewhat like a password, right? Not exactly. First, no two devices on a network can have the same MAC address, so if your PC is connected, and someone else tries to break in by spoofing your MAC address, the attempt will fail. Second, each PC has its own MAC address and its own entry on your router’s MAC address filter page; this means that an administrator can remove a compromised entry without affecting any other PCs. (This is in contrast to the single WPA-Personal passphrase or WEP encryption key that everyone on the network shares).

The real problem is that, like the hidden SSID dilemma, a savvy intruder can use monitoring software to grab MAC addresses out of the air and use them to connect. Think it’s difficult to change the MAC address? Think again. You can use Mac Makeup, available for free from http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp, or MadMACs, free from http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer, to change your wireless adapter’s MAC address in a few moments. You can also change your MAC address – without any special software – by editing the Registry. Open Registry Editor and expand the branches to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlClass{4D36E972-E325-11CE-BFC1-08002BE10318}. Press Ctrl-F, type DriverDesc in the box, and click Find Next. Press F3 to cycle through the subkeys here (e.g.,0001, 0002, etc.) until you hit the one where the DriverDesc value matches the name of your wireless adapter. Once you stumble upon the correct key, select Edit ? New ? String Value, and name the value Network Address. Double click the new value, type the MAC address you want to use in the Value data field (without any hyphens, like this: 040815162342), and click OK. To put the new address into effect, use the Network Connections window to disable and then re-enable your network adapter (or restart Windows). Of course, there are plenty of legitimate reasons to change one’s MAC address, such as troubleshooting or conflict management. Even your router probably has a way to change its MAC address—via the MAC Address Clone feature—to match your PC’s address so remote servers that have been configured to permit access from your PC won’t reject your router. All this means that there’s no such thing as an impentetrable wireless network. If you really care about security, abandon wireless and stick with cables.

The Ethics of WiFi: Once you get the technical details out of the way, the one remaining hurdle when considering using someone else’s Internet connection is a question of ethics. There are countless personal wireless networks around the globe and most of them, you’ll find, are unsecured. This means that you can literally walk down the street in a populated area and probably find a working wireless Internet connection before you reach the end of the block. Some will have been left open intentionally, but most will be unsecured merely because their owners don’t have the benefit of the “Set Up a Wireless Router”.

Now, just because you can connect to these networks, does it mean you should? Are you taking advantage of someone else’s ignorance by breaking into his private network, or are you simply making use of a public resource that you’d be equally eager to share?

I’m not about to try to solve this dilemma in these short pages; I only wish to raise the question, and to suggest that if you do ever decide to utilize someone else’s wireless network, that you not do any harm. Think about your impact, both on the bandwidth of the foreign network and the privacy of those who operate it. And then tread lightly.

About the Author:

Check out more information on cloud law

Tags: , ,