MAC Address Filtering With BT HomeHub2 ?

Bint Box · 28 Jul 2010 at 22:49

Hi,

Would anyone know if it is possible to setup MAC address filtering on a BT HomeHub2 ? I have searched through the menu options but cannot locate any option to enable this.

Rgds
Binty

benftl · 28 Jul 2010 at 22:50

I'm not too sure, but why do people get hung up on MAC filtering anyway? MAC addresses can easily be spoofed so it's a rubbish security measure, so long as you have a decent WPA key you should be alright.

Bint Box · 28 Jul 2010 at 22:52

benftl said:
I'm not too sure, but why do people get hung up on MAC filtering anyway? MAC addresses can easily be spoofed so it's a rubbish security measure, so long as you have a decent WPA key you should be alright.

Extra security, rubbish or not. By the way, are you able to assist with the original question?

Rgds
Binty

benftl · 28 Jul 2010 at 22:54

I wasn't having a go, just putting across the message that MAC filtering is near worthless as a security measure.

Some quick googling reveals that the BTH2 doesn't support MAC filtering:

http://www.avforums.com/forums/networking-nas/1038552-bt-home-hub-2-a.html

http://community.bt.com/t5/BB-in-Home/BT-Homehub-2-MAC-Address-ALC/td-p/10803

Bint Box · 28 Jul 2010 at 23:07

benftl said:
I wasn't having a go, just putting across the message that MAC filtering is near worthless as a security measure.

Some quick googling reveals that the BTH2 doesn't support MAC filtering:

http://www.avforums.com/forums/networking-nas/1038552-bt-home-hub-2-a.html

http://community.bt.com/t5/BB-in-Home/BT-Homehub-2-MAC-Address-ALC/td-p/10803

OK, thx, it confirms my search through the router menus that it is not available. I need to change the BT HomeHub at some point as the WiFi range is moderate. I will make sure any new purchase has MAC filtering as an option.

Rgds
Binty

benftl · 28 Jul 2010 at 23:12

Indeed, I recently sent a DG834GT to a friend as a replacement for his poorly-performing BTHomeHub. With DGTeam f/w, you also get MAC filtering and these routers can be had for sub-£20 on eBay.

Worth a shot!

Bint Box · 28 Jul 2010 at 23:25

benftl said:
Indeed, I recently sent a DG834GT to a friend as a replacement for his poorly-performing BTHomeHub. With DGTeam f/w, you also get MAC filtering and these routers can be had for sub-£20 on eBay.

Worth a shot!

Aye, that was one of the routers I had in mind and they are cheap enough nowadays. Is the DGTeam firmware a NetGear upgrade or a third party upgrade?

Rgds
Binty

Bint Box · 28 Jul 2010 at 23:28

benftl said:
Indeed, I recently sent a DG834GT to a friend as a replacement for his poorly-performing BTHomeHub. With DGTeam f/w, you also get MAC filtering and these routers can be had for sub-£20 on eBay.

Worth a shot!

As I am thinking of getting a couple of NetGear Powerline adaptors for a TV LAN connection it may be the time to get the NetGear DG834GT router and have all the router/powerline stuff as NetGear.

Rgds
Binty

benftl · 28 Jul 2010 at 23:29

It's a 3rd party upgrade, though I've never actually checked an official firmware for MAC filtering. I have a feeling it's a default feature!

Bint Box · 28 Jul 2010 at 23:31

benftl said:
It's a 3rd party upgrade, though I've never actually checked an official firmware for MAC filtering. I have a feeling it's a default feature!

Not having used a NetGear router before, what are the advantages of the 3rd party firmware, it seems to be quite popular for the DG834GT router?

Rgds
Binty

benftl · 28 Jul 2010 at 23:36

The main advantage is the ability to alter your SNR value, enabling you to attain higher sync rates. There are lots of extra little niceties too such as DHCP address reservation, custom startup scripts, WOL and so on.

Bint Box · 29 Jul 2010 at 10:31

benftl said:
The main advantage is the ability to alter your SNR value, enabling you to attain higher sync rates. There are lots of extra little niceties too such as DHCP address reservation, custom startup scripts, WOL and so on.

Thx, I will have a google for a download of the DGTeam firmware.

Rgds
Binty

arknor · 29 Jul 2010 at 11:05

benftl said:
I'm not too sure, but why do people get hung up on MAC filtering anyway? MAC addresses can easily be spoofed so it's a rubbish security measure, so long as you have a decent WPA key you should be alright.

how would a hacker know what your mac address is to spoof it and connect to your router?

surely they would either need acess to one of your computers or access to the router which they cant have

benftl · 29 Jul 2010 at 11:10

There are tools available that sniff out a network to see what clients (MAC address) are connected to an AP. You can then use easily available tools to spoof your own MAC address. I've played around with it before and it does work, Google it, should be easy to find info

Bint Box · 29 Jul 2010 at 11:16

benftl said:
There are tools available that sniff out a network to see what clients (MAC address) are connected to an AP. You can then use easily available tools to spoof your own MAC address. I've played around with it before and it does work, Google it, should be easy to find info

When you say "sniff out a network" are you referring to a network that is broadcasting its SSID via WiFi and is visible?

Or, are you saying that even if the WiFi SSID is not broadcast there are tools available that will allow a hacker to gain access to the network and find the MAC address of PC's on the network.

Surely, for both the above options, the hacker would need to have the WPA/WEP key to gain access ?

Rgds
Binty

benftl · 29 Jul 2010 at 11:32

A network that is broadcasting its SSID and where a client is connected. If the network is protected with encryption then yes you'd still need the key to gain access, which is why MAC filtering is IMO near-useless but only really dangerous if it's used as protection for an open network.

Bint Box · 29 Jul 2010 at 11:42

benftl said:
A network that is broadcasting its SSID and where a client is connected. If the network is protected with encryption then yes you'd still need the key to gain access, which is why MAC filtering is IMO near-useless but only really dangerous if it's used as protection for an open network.

OK, thx for the clarification. One last question, if the network is not broadcasting its SSID but is open, ie, not WPA/WPE password protected then am I correct in assuming that MAC sniffing is still not possible?

It seems that MAC sniffing is only possible on a non WPA/WPE password protected network that is broadcasting its SSID ?

Rgds
Binty

arknor · 29 Jul 2010 at 12:27

my networks invisibe , mac filtered , only lan computer can connect to the login page.

never had a problem in about 6 years so guess im safe

Caged · 29 Jul 2010 at 17:45

You'd be just as safe running the SSID visible, WPA2-AES and with MAC filtering disabled.

All that MAC address filtering and hidden SSIDs do is make it more difficult for you to connect to your own network.

J.B · 30 Jul 2010 at 07:55

Bint Box said:
It seems that MAC sniffing is only possible on a non WPA/WPE password protected network that is broadcasting its SSID ?

MAC address are broadcast 'in the clear' regardless of what encryption or hidden SSID measures you take.

If you are intrested on how its done you could probably find some youtube videos of someone using airdump-ng.

The best thing a home user can do is have a good WPA passphrase, use a random string generator or something obscure as WPA is still vulnerable to an offline brute force/dictionary attack.