MAC Authentication - Bad Idea?

Gary Gatten Ggatten at waddell.com
Wed Feb 2 21:00:52 CET 2011


On shared medium, I don't *think* dupe macs will cause much problem, unless maybe a congestion algorithm tweaks traffic to/from that mac. I'm not an expert in that area, just speaking from experience.

----- Original Message -----
From: Brian Candler [mailto:B.Candler at pobox.com]
Sent: Wednesday, February 02, 2011 01:53 PM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: MAC Authentication - Bad Idea?

On Wed, Feb 02, 2011 at 11:15:13AM -0800, Jim Rice wrote:
> Do I need to be concerned with MAC spoofing?

It's easy to do, so it will probably happen; this risk is weighed against
providing a service which is easy for your customers to use.

What happens if two people try to use the same MAC address simultaneously on
your wireless network?  I suspect it will break service for both of them,
which means that it's actually not very useful for freeloading.  They'd have
to coordinate to use it at different times.

You could also look for simultaneous users in your RADIUS accounting logs.

Regards,

Brian.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html





<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
 and may contain information that is privileged and/or confidential.
 If you are not the intended recipient, you are hereby notified that
 any review, use, dissemination, disclosure or copying of this email
 and its attachments, if any, is strictly prohibited.  If you have
 received this email in error, please immediately notify the sender by
 return email and delete this email from your system."
</font>





More information about the Freeradius-Users mailing list