MAC Address Filtering With BT HomeHub2 ?

Bint Box · 28 Jul 2010 at 22:49

Hi,

Would anyone know if it is possible to setup MAC address filtering on a BT HomeHub2 ? I have searched through the menu options but cannot locate any option to enable this.

Rgds
Binty

Bint Box · 28 Jul 2010 at 22:52

benftl said:
I'm not too sure, but why do people get hung up on MAC filtering anyway? MAC addresses can easily be spoofed so it's a rubbish security measure, so long as you have a decent WPA key you should be alright.

Extra security, rubbish or not. By the way, are you able to assist with the original question?

Rgds
Binty

Bint Box · 28 Jul 2010 at 23:07

benftl said:
I wasn't having a go, just putting across the message that MAC filtering is near worthless as a security measure.

Some quick googling reveals that the BTH2 doesn't support MAC filtering:

http://www.avforums.com/forums/networking-nas/1038552-bt-home-hub-2-a.html

http://community.bt.com/t5/BB-in-Home/BT-Homehub-2-MAC-Address-ALC/td-p/10803

OK, thx, it confirms my search through the router menus that it is not available. I need to change the BT HomeHub at some point as the WiFi range is moderate. I will make sure any new purchase has MAC filtering as an option.

Rgds
Binty

Bint Box · 28 Jul 2010 at 23:25

benftl said:
Indeed, I recently sent a DG834GT to a friend as a replacement for his poorly-performing BTHomeHub. With DGTeam f/w, you also get MAC filtering and these routers can be had for sub-£20 on eBay.

Worth a shot!

Aye, that was one of the routers I had in mind and they are cheap enough nowadays. Is the DGTeam firmware a NetGear upgrade or a third party upgrade?

Rgds
Binty

Bint Box · 28 Jul 2010 at 23:28

benftl said:
Indeed, I recently sent a DG834GT to a friend as a replacement for his poorly-performing BTHomeHub. With DGTeam f/w, you also get MAC filtering and these routers can be had for sub-£20 on eBay.

Worth a shot!

As I am thinking of getting a couple of NetGear Powerline adaptors for a TV LAN connection it may be the time to get the NetGear DG834GT router and have all the router/powerline stuff as NetGear.

Rgds
Binty

Bint Box · 28 Jul 2010 at 23:31

benftl said:
It's a 3rd party upgrade, though I've never actually checked an official firmware for MAC filtering. I have a feeling it's a default feature!

Not having used a NetGear router before, what are the advantages of the 3rd party firmware, it seems to be quite popular for the DG834GT router?

Rgds
Binty

Bint Box · 29 Jul 2010 at 10:31

benftl said:
The main advantage is the ability to alter your SNR value, enabling you to attain higher sync rates. There are lots of extra little niceties too such as DHCP address reservation, custom startup scripts, WOL and so on.

Thx, I will have a google for a download of the DGTeam firmware.

Rgds
Binty

Bint Box · 29 Jul 2010 at 11:16

benftl said:
There are tools available that sniff out a network to see what clients (MAC address) are connected to an AP. You can then use easily available tools to spoof your own MAC address. I've played around with it before and it does work, Google it, should be easy to find info

When you say "sniff out a network" are you referring to a network that is broadcasting its SSID via WiFi and is visible?

Or, are you saying that even if the WiFi SSID is not broadcast there are tools available that will allow a hacker to gain access to the network and find the MAC address of PC's on the network.

Surely, for both the above options, the hacker would need to have the WPA/WEP key to gain access ?

Rgds
Binty

Bint Box · 29 Jul 2010 at 11:42

benftl said:
A network that is broadcasting its SSID and where a client is connected. If the network is protected with encryption then yes you'd still need the key to gain access, which is why MAC filtering is IMO near-useless but only really dangerous if it's used as protection for an open network.

OK, thx for the clarification. One last question, if the network is not broadcasting its SSID but is open, ie, not WPA/WPE password protected then am I correct in assuming that MAC sniffing is still not possible?

It seems that MAC sniffing is only possible on a non WPA/WPE password protected network that is broadcasting its SSID ?

Rgds
Binty

Bint Box · 30 Jul 2010 at 10:14

J.B said:
The best thing a home user can do is have a good WPA passphrase, use a random string generator or something obscure as WPA is still vulnerable to an offline brute force/dictionary attack.

Can the WiFi connection be configured to block all incoming requests for a period of 15 minutes after 3 failed connection attempts or something along those lines? Or, is there something about WiFi connectivity that excludes this type of approach?

If possible, would this negate any brute force attack in practice?

Rgds
Binty