MAC address filtering is one of those controversial features that some people swear by while others say it’s a waste of time and resources. So what is it? In my opinion, both depend on what you are trying to achieve using it.
Unfortunately, this feature is marketed as a security enhancement that can be used if you are tech-savvy and willing to put in the effort. It doesn’t really provide additional security and may make your Wi-Fi network less secure! Don’t worry, I’ll go into more detail below.
However, this is not entirely useless. In some legal cases, you can use MAC address filtering on your network, but this does not add any additional security. Instead, it is more of an administration tool with which you can control whether your kids can go online at specific times during the day, or if you want to manually add devices to your network that you can control.
Why not make your network more secure
The main reason it doesn’t make your network more secure is because it’s very easy to spoof your MAC address A network hacker, which can literally be anyone since the tools are so easy to use, can easily figure out the MAC addresses on your network and then spoof that address on their computer.
So, you might ask, how can they get your MAC address if they can’t connect to your network? Well, that’s an inherent weakness in Wi-Fi. Even on a WPA2 encrypted network, the MAC addresses of these packets are not encrypted. This means that anyone with network sniffing software installed and a wireless card in range of your network can easily grab all the MAC addresses that are associated with your router.
They can’t see data or anything like that, but they don’t need to break encryption to access your network. Why? Because now that they have your MAC address, they can spoof it and then send special packets called dissociation packets to your router that will disconnect your device from the wireless network.
The hacker device will then try to connect to the router and will be accepted as it is now using your valid MAC address This is why I said earlier that this feature can make your network less secure, because now a hacker doesn’t have to worry about trying to crack your WPA2 encrypted password! They just need to pretend to be a reliable computer.
Again, this can be done by someone who has little or no understanding of computers. If you just Google hack your Wi-Fi using Kali Linux, you have tons of guides on how to hack your neighbor’s Wi-Fi in minutes. Do these tools always work?
The best way to stay safe
These tools will work, but not if you’re using WPA2 encryption along with a fairly long WiFi password. It is very important that you do not use a simple and short WiFi password because all a hacker does when using these tools is a brute force attack.
They will use brute force to grab the encrypted password and try to crack it using the fastest machine and largest password dictionary they can find. If your password is strong, it can take years to crack. Always try to use WPA2 with AES only. You should avoid using WPA [TKIP] + WPA2 [AES] as it is much less secure.
However, if you have MAC address filtering enabled, a hacker can work around all these issues and simply hijack your MAC address, spoof it, disconnect you or another device on your network from the router, and connect freely. Once inside, they can do any damage and gain access to everything on your network.
Other solutions to the problem
But some people will still say that it is very useful to control who can connect to my network, especially since no one knows how to use the tools I mentioned above. Ok, but the best solution to control outsiders who want to connect to your network is to use a guest Wi-Fi network.
Almost all modern routers have a guest Wi-Fi feature that will allow you to let others connect to your network, but prevent them from seeing anything on your home network. If your router doesn’t support it, you can simply purchase a cheap router and connect it to your network with a separate password and a separate IP range.
It’s also worth noting that other WiFi security â€œenhancementsâ€ such as disabling SSID broadcasts will also make your network SAFE, not more secure. Another person told me that they are trying to use static IP addressing. Again, if a hacker can determine the range of IP addresses on your network, he can also use any address from that range on his machine, regardless of whether you assigned that IP address or not.
Hopefully this gives you a clear idea of ??what MAC address filtering can be used for and what to expect. If you think otherwise, let us know in the comments. Enjoy!