CWNA Summary Notes: Legacy 802.11 Security | MAC Filters

Posted on Updated on


MAC Filtering

MAC Filtering referes to the use of MAC addresses to client devices that can authenticate to a WLAN. MAC Filtering is not defined by 802.11 Standard and any implementation of it is Vendor specific.

Here is an example from my ASUS home router. Screenshot from 2015-06-30 00:09:01

Weakness:

MAC addresses can easily be spoofed.

Where used:

  • Protect legacy radios that do not support stronger security (eg. older bar code scanners)

Best Practice:

  • Separate the hand-held devices in a separate VLAN with a MAC filter based on the manufacturer’s OUI address.

LAB: MAC Filtering

I set up the house router to reject connections from one of my laptops and watched the behaviour. 2015-06-30 01_08_22-ASUS Wireless Router RT-N66U - Wireless MAC Filter I could see that my laptop (Azure_) was sending probe requests to my SSID, even one directed to my specific router (frame 7302). Here is a filter for the house SSID. Screenshot from 2015-06-30 01:13:01 Here, I filtered the source MAC address of my rejected Laptop that was sending probes. Screenshot from 2015-06-30 01:13:59 However, there were no probe responses being sent back from the router. It seemed as if the router was simply ignoring the requests and not processing or sending anything. Screenshot from 2015-06-30 01:14:32

Conclusion

From the test, we see that the AP seems to ignore packets coming from clients with rejected MAC addresses. Am not sure what exactly the behaviour should be at this point hence can only make conclusions as per my home lab setting. Once the filter was removed, I was able to authenticate and associate as usual.

References:

  1. CWNA-106 Certified Wireless Network Administrator Study Guide by David D. Coleman and David A. Westcott.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s