D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-655 => Topic started by: sapox on July 21, 2009, 02:43:09 PM
-
In order to improve the speed between my 655 and PC's I have been thinking how about to turn off the Secure Mode in the router and just set the MAC filter ON for each of my computers. I have made some test with and without security and I get an improvement of around 1-2 MB/s. (giving me a total of 10 MB/s btw.)
I know that someone could argue that MAC's are easy to copy/reproduce but which are the chances that my neighbour guess my exact MAC or try by brute force 2^48 possible combinations?
So, the final question how secure could be this configuration? (i.e. No WEP/WPA/WPA2, only MAC filter)
Good idea, bad idea? Any feedback is welcome.
-
No need to guess the MAC: Just sniff your wireless traffic and it is announced because it is broadcasted without encryption :)
I do not use any encryption, only MAC filtering. I want to optimize connection with my wireless mediaplayer, si I take my chances. I do run a Syslog client on my PC so when there is some activity that is suspicious I can act.
-
Hi,
I am generally in your court. I would also suggest you disable SSID broadcast to go along with basic MAC filtering. It does NOT stop somebody from sniffing your wireless packets and decoding what you are sending between your wireless PC and the router....THIS is the risk by not using encryption with wireless.
You have to examine your physical surroundings (environment), neighbors, and what if any Tech Saavy people might be within sniff range of your wireless signals.... Beyond that, do you care if somebody does in-fact grab your signals and decrypts your packets....
Many folks are simply updating their facebook page or twitter stuff....but if you actually do stuff thata should be kept confidential...well then, its your call...
SD1
-
IMHO, hiding the SSID in the top 5 things that would grab a hacker's attention. It literally screams "I have something to hide and I don't want anyone on my network." Sure the average user won't see it on Windows "Wireless Networks" list, however Windows is still aware of the "hidden" AP because it can see the MAC address of the beacon.
Building on that MAC filtering is easily hackable especially if encryption is off - also on my top 5 list. All I need is one packet and about two minutes to clone that mac to my NIC, reboot, and voila, I'm now your computer (from the DIR-655's perspective).
In terms of performance, it has been shown the 655 is [/i]faster[/i] when in G/N mode with WPA/WPA2 enabled. If I could find which D-Link employee said it in the fourm, I would quote it. :)
From a security perspective MAC filtering should really be used as an "enforcer" of encryption. For example if you ask your kids not to share the wireless password with their friends, would they really listen to you? The way to enforce it is even if they do get the encryption password, the MAC address wouldn't be in the allowed table. Of course if they have the wireless password, if you had really smart kids, they too could clone the MAC address. MAC filtering is very, very weak.
I could see where it would be stronger with the Guest Zone (which is a VLAN) and only if routing between zones is disabled. They wouldn't be able to sniff traffic from the primary zone and gather those mac addresses. There would have to be at least one approved client in the guest zone for that hack to work if the attacker knew the wireless password.
-
The only "real" security is the encryption.
And the best performance is gained if you use WAP2 / AES only because AES enccryption is done by the "modern" hardware.
All recent wireless chips have build in AES encryption, so if all your clients support it, forget about MAC filter and hiding SSID.
MAC filter causes more work and trouble than it helps if you have more than a handfull of clients.
Changing MACs is easily done in all Windows and Linux versions I know.
Hiding SSID still leads to connection problems with some clients.
So if you don't live on countryside without neighbours, you should not spend any thoughts on disabling encryption.
-
When setting up MAC filtering, do we need to add all the wired computers as well as the wireless ones?
Robin
-
When setting up MAC filtering, do we need to add all the wired computers as well as the wireless ones?
Robin
Yes, you will need to any computer that will be connected through the router.
-
Yes, you will need to any computer that will be connected through the router.
Unless you unleash the hidden options. In that case you can select to exclude wired connections from MAC filtering and include only wireless clients (or VV and both)
-
How does one unleash hidden options?
-
How does one unleash hidden options?
Search the forum threads of the last month or so. ("Router bridge mode still works ..." or something like that)
-
I have my answer. Thank you very much!
-
OK, thanks to everybody for the feedback about the MAC question.
My conclusion is that is not safe enough, so I'll just continue with my old WPA2... ;)