Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
02-21-2006, 12:10 PM
|
#1
|
LQ Newbie
Registered: Jan 2006
Posts: 18
Rep:
|
Newbie question about WEP cracking
When I use tools like airodump and aireplay, if I wanted to
be absolutely safe, is it necessary to change the MAC on
my wireless card?
My understanding is that at no time does my MAC address
ever appear over the air. Somebody please correct me if
I am mistaken.
Ilan
|
|
|
02-21-2006, 12:19 PM
|
#2
|
Moderator
Registered: Jan 2005
Location: Central Florida 20 minutes from Disney World
Distribution: SlackwareŽ
Posts: 13,970
|
Hi,
Yes, using MAC filtering with WEP provides a more secure wireless network than WEP alone. WPA would be the way!
As for changing the MAC address of your card. The MAC is uniquely assigned to the manufacture and therfore is assign to the card to identify it as such. The chance of hitting someone's MAC does exist but the scale of your network would have to large. Therefore , you could change it but why.
Last edited by onebuck; 02-21-2006 at 12:22 PM.
|
|
|
02-21-2006, 05:55 PM
|
#3
|
LQ Newbie
Registered: Jan 2006
Posts: 18
Original Poster
Rep:
|
Quote:
Originally Posted by gwsandvik
Hi,
Yes, using MAC filtering with WEP provides a more secure wireless network than WEP alone. WPA would be the way!
As for changing the MAC address of your card. The MAC is uniquely assigned to the manufacture and therfore is assign to the card to identify it as such. The chance of hitting someone's MAC does exist but the scale of your network would have to large. Therefore , you could change it but why.
|
gwsandvik, your reply was not helpful at all!
Could somebody who is more knowledgeable please reply?
Ilan
|
|
|
02-21-2006, 08:49 PM
|
#4
|
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658
Rep:
|
I actually misunderstood your question the first time I read it as well...I think it has something to do with the wording.
If your question is whether you should change your MAC address when using a WEP cracking tool so that the MAC cannot be traced back to you, then it really depends. If you are using a passive technique, then no, it shouldn't transmit any packets and hence your MAC never hits the wire (or wireless in this case). If you use an active cracking technique, then yes, it will transmit packets. For a replay attack, it should use one of the clients MACs from the captured session. For other active attacks, I don't know if any of the tools forge MAC addresses.
In general, doing anything that makes you think you need to hide your MAC is probably a bad idea. An experienced investigator will likely be able to track you down with or without a real MAC.
Also note that asking cracking-related questions is against our site rules, so I'll likely close this thread if it becomes a WEP-cracking guide.
|
|
|
02-22-2006, 02:02 PM
|
#5
|
Member
Registered: Sep 2002
Posts: 310
Rep:
|
I've used airodump/aireplay for monitor/inject attacks, but haven't sniffed during this event so I can't say for certain. I am 99% sure that your mac is sent out when using airodump in conjunction with aireplay since you are sending out packets. My other thought is change your mac anyways. What do you have to lose? Worst case, you change your mac and everything still works.
|
|
|
02-23-2006, 12:19 PM
|
#6
|
Moderator
Registered: Jan 2005
Location: Central Florida 20 minutes from Disney World
Distribution: SlackwareŽ
Posts: 13,970
|
Quote:
Originally Posted by ilan1
gwsandvik, your reply was not helpful at all!
Could somebody who is more knowledgeable please reply?
Ilan
|
Hi,
Why change it? As for your snide remark, you won't get much help with that attitude. If you want to change it then change it. As for hiding, won't happen if some really wants to find you!
|
|
|
02-23-2006, 01:48 PM
|
#7
|
Member
Registered: Sep 2002
Posts: 310
Rep:
|
gwsandvik
Your post really was not helpful in regards to the question being asked by the thread starter. Instead of taking responses emotionally, perhaps taking time to read and evaluate what is being asked would be a better option. At no point were the topics of MAC filtering or WEP vs. WPA ever mentioned by the thread starter.
We appreciate all contributors at LinuxQuestions, and are thankful for the help you've provided thus far
Quote:
Originally Posted by gwsandvik
Hi,
Why change it? As for your snide remark, you won't get much help with that attitude. If you want to change it then change it. As for hiding, won't happen if some really wants to find you!
|
|
|
|
02-23-2006, 02:41 PM
|
#8
|
Moderator
Registered: Jan 2005
Location: Central Florida 20 minutes from Disney World
Distribution: SlackwareŽ
Posts: 13,970
|
Quote:
Originally Posted by int0x80
gwsandvik
Your post really was not helpful in regards to the question being asked by the thread starter. Instead of taking responses emotionally, perhaps taking time to read and evaluate what is being asked would be a better option. At no point were the topics of MAC filtering or WEP vs. WPA ever mentioned by the thread starter.
We appreciate all contributors at LinuxQuestions, and are thankful for the help you've provided thus far
|
Hi,
I read the OP and responded as I saw the request. Maybe I read between the lines and assumed. But it was my interpretation. Judge as ye judge!
I will continue to respond and find that it is only fitting to give back to the community. I am not taking any response emotionally, now that is weighing on your part! As any responder, people refer information in the manner they feel fit. And the reference article was appropriate in my mind.
As for your input, do as you desire. BTW, that is not intended to be snide nor smart. I don't see a moderator tag or feel that your interpretation was warranted.
As stated the general drift of a request to change a MAC generally is related to the WEP problem and or wired when one wants to attempt to hide. Read into as you will.
BTW, thanks! I will continue to respond.
|
|
|
All times are GMT -5. The time now is 09:47 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|