Thread: STEP BY STEP guide to secure wireless??
View Single Post
Old 04-04-05, 11:45 AM   #8 (permalink)
VegasGuy
Aximsite Rookie
 
VegasGuy's Avatar
DAP Freshman
 
Join Date: Mar 2005
Location: Vegas, Baby!
Posts: 75
Thanked 0 Times in 0 Posts

Awards Showcase
Aximsite Bronze Contributors 
Total Awards: 1

Originally Posted by phdeez
are you using MAC filtering under wireless or just MAC filtering in general?
The D-Link only has one section for MAC filtering under Advanced Tab > Filters Button and it prevents users that are already on the LAN (on the home/office side of the firewall) from getting out past the firewall to the Internet (the WAN).

Here is what the docs say for the DI-514:

Filters - MAC Filters
Use MAC Filters to deny computers within the local area network from accessing the Internet. You can either manually add a MAC address or select the MAC address from the list of clients that are currently connected to the unit.
Select "Only allow computers with MAC address listed below to access the network" if you only want selected computers to have network access and all other computers not to have network access.
Select "Only deny computers with MAC address listed below to access the network" if you want all computers to have network access except those computers in the list.
Name: The name referencing the MAC filter.
MAC Address: The MAC address of the computer in the LAN (Local Area Network) to be used in the MAC filter table.

The first line is the one that caught my attention: "Use MAC Filters to deny computers within the local area network from accessing the Internet." As I read it, it does not provide ANY wireless security.

My Axim MAC address' last two digits are 5D and I have a MAC filter set up on the D-Link router with my Axim's MAC address. When I first set it up based on the information I read here, I thought it would allow ONLY my Axim to access my network via the wireless connection because all other MAC addresses would be filtered out. After getting everything working, I was re-reading the docs about MAC filtering and saw the information above. So, I tested my MAC filter in the router setup by changing the 5D to 5C. I was still able to get onto my home/office network (the LAN). This contradicted the suggestions about using MAC filtering to provide an extra layer of security in addition to some form of encryption, like WEP. (I also tested an incorrect WEP key and I was kept out like it should have.)

It would be foolish of me to say that all routers work this way. I only know the DI-514 works this way. However, there may be other routers that are like the DI-514. My only point is that someone may set up MAC filtering on their router thinking that it is providing at least SOME extra security when, in fact, it does nothing to keep an intruder off your home/office network. The only thing it would do is to stop the intruder from surfing the net. Others may want to test what their MAC filtering does for them.

[Edit] I looked at some user manuals online at the D-Link site and the DI-624 has the same configuration user interface as the DI-514 which means no wireless MAC filtering. I looked at the Linksys site and at the WRT54G wireless router. The WRT54G DOES have wireless MAC filtering. So, which router you have does make a difference. MAC filtering may offer an extra level of protection depending upon which router you own and if the filters are for wireless access to prevent unauthorized access from outside the network. The two D-Link routers 514 & 624 do not. It has been a good day, I learned something new.
Last edited by VegasGuy; 04-04-05 at 05:57 PM.
VegasGuy is offline   Reply With Quote