Re: MAC Filtering


From: Jerritt Collord (collord_at_collord.net)
Date: 2001-12-16 18:40:11 UTC


Remember that if your only object is per-MAC filtering on traffic leaving the interface bound for say, the internet, the linux mechanisms iptables or even ebtables can solve most every problem. The only thing something this low-level would do is muck with 802.11b association or 802.11b AP frame rebroadcast. Which are interesting problems but frankly I can't imagine useful enough for the hassle.

Iptables are used by NoCat(.net) to create a captive portal based on per-MAC authentication. Easy to create a "sorry, you haven't paid the bill" page to sent in response to any HTTP request based on MAC.

That being said, I think a userspace handler for association requests would be interesting.

Jerritt Collord

> New to the list and this is the first message that I see coming in. We are a
> Wireless ISP in Ohio. While I will agree that MAC filtering is not any type
> of "real" security tool, it does keep honest people honest, much like locking
> your car door, won't stop a car thief from smashing your window and
> hotwiring you buggy, it will stop the average guy from opening the door and
> looking inside. Mac filtering will also stop the accidental usage of ones
> system as well and give more control of the wireless system to the admins.



This archive was generated by hypermail 2.1.4.