<div dir="ltr"><div class="gmail_quote">On Wed, Apr 6, 2011 at 11:17 AM, Elazar Leibovich <span dir="ltr">&lt;<a href="mailto:elazarl@gmail.com">elazarl@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div dir="ltr"><br><br><div class="gmail_quote"><div class="im">On Wed, Apr 6, 2011 at 10:26 AM, shimi <span dir="ltr">&lt;<a href="mailto:linux-il@shimi.net" target="_blank">linux-il@shimi.net</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><br><div class="gmail_quote"><div>Changing your MAC is pretty trivial...<br></div></div></div></blockquote><div><br></div></div><div>Yeah, but guessing which MAC is in my whitelist is less so. So if an attacker wants to spoof his MAC address, he has to sniff for a MAC address (which means he can do that only when my computer is on). I'm not familiar with the WiFi protocol, but I'm sending the MAC only in the handshake phase it's even harder to spoof your MAC.</div>
<div><br></div><div>I'm not trying to avoid the NSA; the attack vector I'm trying to prevent is random vandals. A vicious attacker can simply knock on my door and ask to use my computer to check when his flight is leaving.</div>
</div></div>
</blockquote></div><br>You don't need to guess if you can passively get them, courtesy of active network traffic... "my computer isn't always on" is like putting your head in the sand :)<br><br>If you want to stop random vandals, just have your network with encryption and don't publish the key. If you open anonymous access... it would be open.<br>
<br>If not going VLAN-way, your other choice is to not allow connections coming from the outside at all (to all the computers in your LAN - easy in Linux, difficult if you also have Redmond) - and just run some OpenVPN server on the Linux to have things open (authentication + encryption).<br>
<br>-- Shimi<br></div>