Mac Filter vs WPA encryption.
I learned that Cisco Linksys does not have a stealth mode for the wireless. What they recommend in place of that is a Mac Filter. Essentially, you only allow certain mac addresses through the router. When I tried it, however, it said that WPA encryption would be disabled if I use the Mac Filter. I talked myself out of it when it occurred to me that someone could mac clone my address, somehow. I realize they still need the password, but, that's just one step away from getting in.
Does anyone know about Mac Filters enough to weigh in?
Thor_MN
(11,843 posts)WPS is the feature that allows "easy" setup and is vulnerable to brute forces attack. Disabling WPS is actually reccomended if the router allows it. To spoof the MAC address of one of your devices would mean that it would need to be acquired by an attacker in the first place, then they would still need your WPA or WPA2 passcode.
The disadvantage to a MAC filter would be if you wanted to allow someone to use your WiFi temporarily ( a guest) or when you get a new device and you have to go and add the MAC address to the filter to allow it to connect.
Baitball Blogger
(46,757 posts)I think I confused WPS with WPA.
When guests come to visit, I can always switch it back.
So, every device that has a Mac address would need to be input? Laptops, DVR and the Iphone?
Thor_MN
(11,843 posts)I think most routers also allow a "blacklist", those not allowed to connect, as well. This is most useful if you want to annoy a specific person...
MACs, for the most part, are random values out of 2 to the 48th possibilities, so it's a game of keeping up with each device. Not much chance of getting a MAC spoofed, unless you allow the device out of your hands and into the hands of a determined attacker or connect to your attacker's network, where it could be recorded.
Baitball Blogger
(46,757 posts)installed by an outside party. In that case, the technician would be aware of the MAC address.
Still, he would need to get the router's WPA encryption code.
Updated to add that I found this on the internet: "It is important to note that you CAN disable the WPS feature in the Advanced Configuration should you need to."
So I'm good to go.
Thank you!
sir pball
(4,759 posts)It's utterly trivial on an open network; just put your laptop into monitor mode and you can see all the packets to and fro the open AP. Including the MAC addresses. Spoofing an already-active one may cause a collision, sure, but that's an awfully weak form of security. If you never have guests on your (encrypted) network, whitelists can't hurt, but they aren't really as much help as they can be made out to be.
Thor_MN
(11,843 posts)If one knows that a MAC filter even exists, they are not going to be leaving security off unless they are deliberately asking for trouble. The OP was about a MAC filter disabling WPS, not WPA. I know that it says WPA, but the poster has already confirmed that it is WPS that gets disabled, not WPA.
sir pball
(4,759 posts)Assuming you have a good password it's always the first and most secure option.
What router are you using, though? I have a Linksys WRT54 (the good old indestructible blue one) and it support stealth mode...it's under the Security tab, Firewall section, "block anonymous internet requests". I have it active, and I can turn on MAC whitelisting as well. I don't, because I let houseguests connect, but I could have both WPA2 and whitelisting enabled should I wish.
Baitball Blogger
(46,757 posts)I had confused WPS with WPA. I have disconnected the WPS and now that you told me what the magic words are to look for to go into stealth mode, I will probably do that next.
Thanks!
sir pball
(4,759 posts)Stealth mode may mess up your security camera though - that's an anonymous internet request.
Baitball Blogger
(46,757 posts)Thanks again.