Wireless MAC Filter

[ressac]

after update fw to last version i have problems with Wireless MAC Filter

i can't delete old fields also i can add new and delete new one, but no old

you can see more info on screenshot

how i can delete old fields? without reset fully router ?

 

[L&LD]

http://www.snbforums.com/threads/mac-filter-all-devices-off-line-cannot-update-names-or-icon.28690/

 

[ressac]

thx

 

[pete y testing]

after update fw to last version i have problems with Wireless MAC Filter

i can't delete old fields also i can add new and delete new one, but no old

the question i would ask is why are you still using wireless mac filtering in this day and age as its not a security measure at all

 

[ColinTaylor]

as its not a security measure at all

Yes it is. It's just that it's not a very strong one For some people that, combined with a suitably complex password, is all they want or need. Besides it doesn't have to be used as a security measure at all. I use MAC filter lists to stop some of my A/V devices roaming onto the wrong access point.

 

[pete y testing]

Yes it is. It's just that it's not a very strong one

i will totally and respectfully disagree with you on this and constantly hear ppl saying this and will always disagree with vigor

For some people that, combined with a suitably complex password

the password alone is the security

mac filtering is useless because mac addresses are not encoded so can be read with simple ease , i equate it to locking the fly screen door and leaving the key on the outside of the door

suitably complex password, is all they want or need.

again this is all they need

Besides it doesn't have to be used as a security measure at all. I use MAC filter lists to stop some of my A/V devices roaming onto the wrong access point.

and when you forget you have set all these filters and cant figure out why something wont connect , also using separate ssid names for the access points would achieve the same result and with domestic wifi there is almost no difference between separate ssid and the same ssid

its simple to say that mac address filtering is useless as a security measure and a pain in the butt for the admin and should be avoided for both

 

[pete y testing]

Yes it is. It's just that it's not a very strong one

and just as a reference to this

google ( i would post the link but it take ages to have external links approved here )

The six dumbest ways to secure a wireless LAN

and i will quote an extract

"MAC filtering: This is like handing a security guard a pad of paper with a list of names. Then when someone comes up to the door and wants entry, the security guard looks at the person's name tag and compares it to his list of names and determines whether to open the door or not. Do you see a problem here? All someone needs to do is watch an authorized person go in and forge a name tag with that person's name. The comparison to a wireless LAN here is that the name tag is the MAC address. The MAC address is just a 12 digit long HEX number that can be viewed in clear text with a sniffer. A sniffer to a hacker is like a hammer to a carpenter except the sniffer is free. Once the MAC address is seen in the clear, it takes about 10 seconds to cut-paste a legitimate MAC address in to the wireless Ethernet adapter settings and the whole scheme is defeated. MAC filtering is absolutely worthless since it is one of the easiest schemes to attack. The shocking thing is that so many large organizations still waste the time to implement these things. The bottom line is, MAC filtering takes the most effort to manage with zero ROI (return on investment) in terms of security gain."

 

[sfx2000]

mac filtering is useless because mac addresses are not encoded so can be read with simple ease , i equate it to locking the fly screen door and leaving the key on the outside of the door

Yep... easy enough to pull over the air in any event - and it's easy enough to spoof a MAC address with some skill and knowledge..

An additional complication on MAC filtering is the trend that we see in mobiles, with MAC randomization until the association is complete - it's a nifty idea to protect privacy in public, but can throw a wrench into the works when trying to establish and maintain a MAC filter list... and maintenance thereof...

No real benefit to MAC filters...

 

[ColinTaylor]

@pete y testing - I think you missed the sarcasm in my first sentence.

Regarding my use of filter lists; all I can say is that for my setup it's really simple and works very well. For other people it might not be appropriate.

P.S. I think what irks me is that whenever anybody posts anything about MAC filter lists or WEP keys, there's a queue of self proclaimed experts saying "oh, you shouldn't be using that it's really easy to hack", without actually offering any useful advice.

 

[sfx2000]

P.S. I think what irks me is that whenever anybody posts anything about MAC filter lists or WEP keys, there's a queue of self proclaimed experts saying "oh, you shouldn't be using that it's really easy to hack", without actually offering any useful advice.

WPA2-Personal, with a robust key, is more than sufficient for most home networks - WPA2-Enterprise is more so, but with the additional burden of setting up the infrastructure around it.

Things that aren't helpful from a security perspective...

1) Hiding SSID's - doesn't help at all, actually can hurt, as the SSID will be exposed at some point - hidden on the beacon, but not on the handshake for association, and the clients may expose it anyways via 802.11 Probe Requests
2) MAC filtering - passively watching a target WLAN will expose all MAC addresses allowed to associate with it - takes a few minutes, or one can push the issue by sending out an De-Associate frame, and the clients will leave and then rejoin

Items (1) and (2) above just add more work for someone running/maintaining a wireless LAN, and don't actually aid at all in keeping things secure..

 

[pete y testing]

P.S. I think what irks me is that whenever anybody posts anything about MAC filter lists or WEP keys, there's a queue of self proclaimed experts saying "oh, you shouldn't be using that it's really easy to hack", without actually offering any useful advice.

we do so because ppl still to this day some 10 plus years after that link i referred to was posted continue to even refer to any of these methods in any way shape or form , they are all debunked and redundant and should be avoided its that simple , it may irk you but sorry we should and have to let the masses know that things like mac filtering , hidding ssid's , wep wireless security and below are just not worth using and pose a security issue at best

- I think you missed the sarcasm in my first sentence.

sarcasm or not in suggesting so continues the confusion that still goes on to this day and it is part of the forums to alert ppl to avoid these types of actions to help not just them but all users that read these forums

i can post you thousands of examples and useful advise if you like but it takes some time to allow outside links in these forums , if you would like to know more plz ask as we are all here to help

have a nice day

pete