MAC Address

Jean Tourrilhes jt at bougret.hpl.hp.com
Sat Oct 19 03:23:29 EST 2002


ht lee wrote :
> Hi All,
> 
> I was reading about the insecurity of 802.11b and I was just curious
> why would the vendors allow the MAC address of a wireless network to
> be changed? All the websites that I visited only say that it allows
> MAC spoofing, but never say why in the first place they allow MAC
> address to be changed?
> 
> Thanks.
> 
> Cheers
> 
> Sean H. Lee

	Remember that an attacker will choose the most appropriate
hardware for the job. Don't expect the attacker to use the same
hardware as you use.
	So, let's assume that vendors decide to prevent MAC address
spoofing. There are like 50 different vendors of 802.11 cards (some you
probably haven't heard of), so how do you guarantee that *every*
single one of them complies with this requirement? If only one doesn't,
maybe somewhere in China, you are not safe.
	Hackers have the habit of tweaking things. They have broken
much more elaborate security schemes (DeCSS, DVD region encoding...),
so I can guarantee you that such a restriction would not last very
long (two seconds to reprogram the EEPROM on the card with a new MAC).
	So, MAC address restrictions would only give you the illusion
of security, but not real security. Trust the security experts, they
usually know what they are talking about, and use IPsec. Changing the
MAC address has advantages and legitimate uses, and doesn't change the
security equation, so there is no point preventing it.

	Regards,

	Jean


