Re: Is someone on my network??????????
- From: nospam <nospam@xxxxxxxxxxxxxx>
- Date: Mon, 02 Apr 2007 11:34:25 -0700
In article <cA9Qh.4089$13.2219@xxxxxxxxxxxxxxx!nnrp1.uunet.ca>, Clever
Monkey <spamtrap@xxxxxxxxxxxxxxxx> wrote:
> > trivial to spoof. mac addresses are broadcast in the clear, regardless
> > of encryption on the wifi network.
>
> While true, it means that the idle or curious will be denied access
> until and unless they learn how to spoof the MAC. Some (well, one that
> I know of) operating systems (or, rather, TCP/IP implementations) do not
> even support this.

wpa blocks just about everyone unless the passphrase is lame (less than
20 chars).

if the intruder can crack wpa, then they know how to spoof mac
addresses. if they can't crack wpa, it doesn't matter whether they're
capable of spoofing mac addresses because they won't get past the wpa.

> > > Simply add the machines that are allowed to access your
> > > wireless access point by the MAC address of the wireless cards you know.
> >
> > unnecessary hassle.
>
> No hassle. I have a handful of MACs I know about. The rest I ignore.
> Only the incredibly bored, technically savvy folks would get any
> further, and I'm trusting that a smaller subset of those have access to
> my network and have some reason to crack it. I'm not running an open
> network, so it makes sense to let only a subset of connections get
> further than the MAC filter. Those are logged to loghost which I can
> inspect easily.

any time you want another computer on the network, be it a new
computer, a replacement due to a repair, or a friend visiting, you have
to obtain the mac address and add it to the router. that's a hassle.

> I _want_ only the truly curious or the truly criminal to jump the small
> hurdle of getting a MAC. They become conspicuous by their presence.

run intrusion detection software, or check the dhcp logs.

> > > The combination of those two strategies and using a good WPA2 scheme
> > > limits your vulnerability to all but the most persistent hackers.
> >
> > wpa or wpa2 with a decent passphrase is sufficient security. the rest
> > just adds hassles.
>
> You might want to reread what was said there. A combination of
> strategies based on a good WPA setup was advised. This is exactly the
> sort of advice that anyone who does security would advise. Layered
> security is a Good Thing.

a combination of strategies is very good, however, when they're trivial
to crack, they offer no advantage.

effective layered security would be something like wpa, ipsec vpn on
top of that, and restricted access to the computers.
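
An added example, not part of the original post: one way to "check the dhcp logs" as suggested above, flagging leases handed to MAC addresses outside a known list and known MACs that turn up under more than one hostname (a hint that an address was cloned). The ISC dhcpd syslog line format, the allowlist and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed allowlist of known wireless cards (hypothetical values).
KNOWN_MACS = {"00:16:cb:aa:bb:01", "00:16:cb:aa:bb:02"}

# Constructed sample lines in ISC dhcpd syslog style (assumed log format).
SAMPLE_LOG = """\
Apr  2 09:01:12 gw dhcpd: DHCPACK on 192.168.1.10 to 00:16:cb:aa:bb:01 (imac) via eth1
Apr  2 09:05:40 gw dhcpd: DHCPACK on 192.168.1.11 to 00:16:CB:AA:BB:02 (powerbook) via eth1
Apr  2 10:17:03 gw dhcpd: DHCPACK on 192.168.1.57 to 00:0f:b5:12:34:56 (laptop-x) via eth1
Apr  2 10:44:29 gw dhcpd: DHCPACK on 192.168.1.10 to 00:16:cb:aa:bb:01 (laptop-x) via eth1
Apr  2 11:02:51 gw dhcpd: DHCPACK on 192.168.1.58 to 00:0f:b5:12:34:56 via eth1
"""

# The client hostname in parentheses is optional in DHCPACK lines.
ACK_RE = re.compile(
    r"DHCPACK on (?P<ip>\d+\.\d+\.\d+\.\d+) to "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)",
    re.IGNORECASE,
)

def review_leases(log_text, known_macs):
    """Return (unknown, renamed): off-list MACs with their leased IPs,
    and known MACs that were seen under more than one hostname."""
    known = {m.lower() for m in known_macs}
    hosts = defaultdict(set)
    unknown = defaultdict(set)
    for line in log_text.splitlines():
        m = ACK_RE.search(line)
        if not m:
            continue  # not a lease acknowledgement
        mac = m.group("mac").lower()  # normalise case before comparing
        if m.group("host"):
            hosts[mac].add(m.group("host"))
        if mac not in known:
            unknown[mac].add(m.group("ip"))
    renamed = {mac: sorted(h) for mac, h in hosts.items()
               if mac in known and len(h) > 1}
    return {mac: sorted(ips) for mac, ips in unknown.items()}, renamed

if __name__ == "__main__":
    unknown, renamed = review_leases(SAMPLE_LOG, KNOWN_MACS)
    for mac, ips in unknown.items():
        print(f"unknown MAC {mac} leased {', '.join(ips)}")
    for mac, names in renamed.items():
        print(f"known MAC {mac} used hostnames {names} (possible clone)")
```

A client that configures a static address never appears in DHCP logs, so this check complements the access point's association log rather than replacing it.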