[MLB-WIRELESS] MAC security - how good is it?

Jason Brice Jason.Brice at kiandra.com
Wed Feb 12 09:34:43 EST 2003


"Now, correct me if I am wrong, this is just an idea I was pondering last night, spoofing Mac addresses only affects the application layer and cannot change the Address in the Mac layer of the OSI model. So, if the access point drilled down to the Mac layer for the real address, you would be safe?"

Someone needs to revisit their CCNA course material? ;)

The MAC address is transmitted in the layer 2 frame. Period.
Sniff a few frames on your LAN; you're not likely to find any reference to MAC addresses in the higher layer datagrams (unless the specific application calls for it, and I can't think of any offhand).

Just in the same way as you use a software application to manipulate your actual layer 3 address (eg -> ipconfig for your IP) you can use higher layer software to manipulate and send and receive frames from/to a replacement MAC address at the actual data-link layer.

J.

________________________
jason brice
senior network engineer
kiandra system solutions
level 9, 455 bourke st melbourne vic 3000
(t) +61 3 9600 1639
(f) +61 3 9600 1656
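
The point made in the reply above, as an added example that is not part of the original thread: a MAC filter only ever sees the source field of the layer-2 header, so two frames carrying the same value there are indistinguishable to it, and the address does not appear again in the layer-3 datagram. It uses Ethernet II framing as a simplification of the 802.11 header; all addresses, frames and function names are constructed for illustration.

```python
import struct

ALLOWLIST = {"02:00:00:00:00:01"}  # constructed, locally administered address

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def build_frame(dst: str, src: str, src_ip: str, dst_ip: str) -> bytes:
    """Constructed sample: Ethernet II header + bare 20-byte IPv4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", 0x0800) + ip

def parse_frame(frame: bytes) -> dict:
    """Split a frame into its layer-2 header fields and the layer-3 payload."""
    if len(frame) < 14:
        raise ValueError("truncated frame: no complete layer-2 header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": mac_str(dst), "src": mac_str(src),
            "ethertype": ethertype, "payload": frame[14:]}

def filter_accepts(frame: bytes, allowlist=ALLOWLIST) -> bool:
    """A MAC filter's whole input: the source field of the layer-2 header."""
    return parse_frame(frame)["src"] in allowlist

def mac_in_payload(frame: bytes) -> bool:
    """True if the source MAC bytes also appear inside the layer-3 datagram."""
    parsed = parse_frame(frame)
    return mac_bytes(parsed["src"]) in parsed["payload"]

AP = "02:00:00:00:00:fe"
# Frame from the registered card.
registered = build_frame(AP, "02:00:00:00:00:01", "192.168.0.10", "192.168.0.1")
# Frame from a different station configured in software with the same address.
other_station = build_frame(AP, "02:00:00:00:00:01", "192.168.0.77", "192.168.0.1")
# Frame from a station whose address is not on the list.
unlisted = build_frame(AP, "02:00:00:00:00:02", "192.168.0.78", "192.168.0.1")

if __name__ == "__main__":
    for name, f in (("registered", registered), ("other", other_station),
                    ("unlisted", unlisted)):
        print(name, parse_frame(f)["src"], filter_accepts(f), mac_in_payload(f))
```

The filter accepts the first two frames and rejects the third, which is why MAC filtering works as one layer alongside authentication and encryption rather than as the only control.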



-----Original Message-----
From: Michael_Florence at dlink.com.au [mailto:Michael_Florence at dlink.com.au] 
Sent: Wednesday, 12 February 2003 8:48 AM
To: melbwireless at wireless.org.au
Subject: Re: [MLB-WIRELESS] MAC security - how good is it?




Nath,

Use a number of built in and non built in security measures.

My analogy is that of a car, it has door locks, alarm, engine immobiliser, fuel tap, secret switch, you may have a club lock etc. By themselves, these offer little protection, however a combination will ensure that the thief (hacker) goes elsewhere. However, depending on what you use, the more you put on may slow your network considerably.

* Using something like Airsnort will take forever to sniff enough packets. Airsnort report in their FAQ that for 128 bit encryption, to hack a wireless network of 4 people who surf the web constantly all day will take between 10 & 33 days. Sure, once it has the "interesting packets" it can crack it in seconds, however it needs the packets first and this takes time. Devices with 256 bit encryption are available from D-Link.

* Use D-Link AirPlus products that have PBCC modulation. As far as I know there is no software that can sniff this modulation scheme. And it's 22MB.

* Use an AP with Authentication. The D-Link DWL-1000AP+ has Radius authentication support. (another plug for D-Link)

* Run IPSEC across the WLAN (not recommended to use with WEP because of speed. Use one or the other). Should be close to bulletproof.

* Create policies on your network so no-one adds rogue access points without your configuration.

In regards to Mac filtering I recommend it all the time... Now, correct me if I am wrong, this is just an idea I was pondering last night, spoofing Mac addresses only affects the application layer and cannot change the Address in the Mac layer of the OSI model. So, if the access point drilled down to the Mac layer for the real address, you would be safe? I have not bounced this off our tech guys, so forgive me if it sounds foolish.

-Michael Florence








"Nath P" <nathp at optushome.com.au> on 11/02/2003 07:26:11 PM
                                                                                
                                                                                
                                                                                


                                                              
                                                              
                                                              
To:      "'melbwireless'" <melbwireless at wireless.org.au>
cc:      (bcc: Michael Florence/Sales/DLINK-AUST)
Subject: [MLB-WIRELESS] MAC security - how good is it?
                                                              







Hey everyone,
I was wondering, how good is mac security by itself with no other security? thanks, Nathan
