Yes, MAC addresses are easily spoofed. Don't count on this for security.
posted by rokusan at 1:17 PM on September 2, 2008

They are easily spoofed, and all of your traffic is transmitted over the air, in the clear, which is probably dangerous from an identity theft point of view. (Even if your banking and email are done via SSL, which they should be, your privacy is seriously compromised.)
posted by grobstein at 1:26 PM on September 2, 2008

Security doesnt just mean "lock people out of your wap", it also protects your data on the way to the WAP. Without WEP/WPA your login to Myspace/ftp/smtp/pop3 is still send unencrypted, and its much easier to pick your passwork out of the air than on the wire.
posted by SirStan at 1:40 PM on September 2, 2008

Mac filtering is a terrible way to control wifi access. Anyone who is motivated can easily sniff all your non-encrypted traffic and also whatever mac you are using. This will not only give them access to your router but they can also deny you access to your router. WPA is brain-dead simple to turn on. Use it. Its a lot easier to give a visiting friend or new network device the passphrase than always inputting mac addresses. Win-win.
posted by damn dirty ape at 2:12 PM on September 2, 2008

Just to clarify, you can use both. But yes, unencrypted web traffic is just being broadcast for all, and as rokusan stated above, you can change your MAC address easily.
posted by ALongDecember at 2:21 PM on September 2, 2008

Bruce Schneier's not worried. In fact, his mention of Fon seems interesting, and if it works, gives the benefits of security and the karma of open networks.
posted by Lemurrhea at 3:21 PM on September 2, 2008

Bruce also knows how to lockdown desktops, servers, implement radius, create virtual networks, prioritize traffice, firewall ports, etc. Joe Wireless user doesnt, hence all the recommendations to use WPA and be donewith it.
posted by damn dirty ape at 4:14 PM on September 2, 2008

Yes, [insert super scary explanation here.] The real question however is, what are the chances that someone is going to be scanning and attempt to spoof a MAC address on an average HOME network? Do your neighbors attend DEFCON every year? If not, chances are pretty low that a.) they have the skills to sniff your wireless traffic, and b.) care about your wireless traffic.

People worry too much.

That said, you still might as well use WPA. Just in case your neighbors are 1337 h4x0r5.
posted by BryanPayne at 4:26 PM on September 2, 2008

Hey, 1337 h4x0r5 have to live somewhere, too. And even then, it's not just your next-door-neighbor we're talking about: wardrivers do exist.

Better to [return > 0] on the side of caution.

If you want both the having and the eating of the cake, broadcast the name of your network in the SSID as 'Private Network. Access at www.website.com' or 'Access at mailme@website.com'. From there you can suss out someone's reliability, or, if you want, charge them for access. I used to work with a guy who wound up with pretty nice up/down speeds for $5 a month just for being a good neighbor and asking first.
posted by eclectist at 12:32 AM on September 3, 2008 [1 favorite]

This thread is closed to new comments.