Re: MAC Filtering


From: Jouni Malinen (jkmaline_at_cc.hut.fi)
Date: 2001-12-16 14:18:47 UTC



On Sun, Dec 16, 2001 at 09:53:37AM +0000, hristo wrote:

> How hard would be to inplement MAC Filtering in Host AP?
> Just a text file with list of allowed MACs and Driver to
> check against every MAC and reject not listed MACS in that
> file (if file is empty All MACS are allowed). I think it
> would be fery nice and usefull Feature...

It would be trivial to add MAC filtering to station authentication, but I do not fully agree with this being useful. If this is seen as an security mechanism, it would just create a false illusion of security. It is easy to sniff a usable MAC address and then change a station to use that MAC.

If it is understood that MAC filtering does not really add any real security and there is another use for it, I might consider adding it. In addition, I would prefer this as a more generic method for passing authentication handling to a userspace daemon.

-- 
Jouni Malinen                                            PGP id EFC895FA


This archive was generated by hypermail 2.1.4.