Why is MAC-based authentication insecure?

Why is MAC-based authentication insecure? Most wireless routers can use MAC-based authentication as part of their overall security scheme. It seems like a good idea, but I've heard that it is very ineffective, because it's easy to spoof MAC addresses.
Asked by: Guest \| Views: 220

Total answers/comments: 4

Comments display order:

Guest [Entry]

"In an ethernet network the MAC address is used to uniquely identify each node (computer etc) on the network. Every packet broadcast over the network must contain the MAC address of the intended receiver to ensure packets get where they need to go.

Therefore using a packet sniffing tool it is quite easy to extract valid MAC addresses ""off the wire"". Once you have the MAC address, as you already know, spoofing the MAC address is even easier.

Also, I seem to remember that MAC addresses are part of the OSI Data Link layer (level 2) and are still visible in packets even if encryption such as WEP / WPA2 is used. This may have changed more recently however."

Guest [Entry]

"It's only insecure if you actually have something valuable to protect. If you're just trying to prevent unauthorized users from using your wireless connection MAC-based authentication is fine.

MAC addresses aren't intended to be kept private, so it's very easy for someone to clone it."

Guest [Entry]

I think it would be fairly trivial to find your MAC address if you were on any network other than your own along with a hacker. Not to mention, the MAC addresses aren't random. The first X digits represent the make of the router and I believe the other digits represent other things as well.

Guest [Entry]

While they are easy to spoof, it is more work for the hacker to do so. I don't think it will hurt as part of your overall security scheme. Just don't rely on it alone.