Bino,
I gotta go inline below.................
At 15:32 04/24/2009 -0700, you wrote:
According to the DGL-4300 manual (found the pdf online) the Filter settings
section (Advanced -> MAC Address Filter) lets you pick from filtering
wireless and wired clients separate from each other p.39).
OK. Fair. I will go back to the docs once again.................. :)
John is right that some routers usually only let you do it for wireless
clients, but as it turns out yours definitely let's you do it for both.
I am going to, ATM, trust you on this.................. :)
My router did/does NOT give me a choice between WLAN / LAN............
Oh and btw, your understanding of the MAF you wrote below is completely
wrong (just fyi).
OMG!!! Please enlighten........
What you described was NAT (Network Address
Translation)-that's what takes the PCs on the private address space of your
home network and translates them into the public IP that gives them access
to the internet. And it's NOT 2-way; i.e. just b/c the PCs can access the
internet, that doesn't mean that things on the internet can access your PCs.
Thanks Bino. No. I do believe that NAT is THE clear concept here......
All my router's since 199x have use NAT. Perhaps NAT has changed.......
Perhaps I may dick with it a bit, but I do believe I know what NAT logic
still purports to do......even with SPI now!!...... :)
So the MAF restricts who can get ONTO your network in the first place.
Typically it's more interesting/useful for wireless networks since anyone
can try and connect to your network that way, whereas it's a little harder
for random people to get the physical access to plug a cable into your
router/switch! ;)
Yes, and this is why I still do NOT play Wire-less............... :)
But you can also use it for wired connections just to be uber-safe/paranoid,
but it's almost kind of useless at that point-like I said if people have the
physical access to plug cables into your router/switch ports, you kind of
have bigger problems than worrying about whether you've got MAF enabled, you
know? ;)
Well, NO. Please explain. I missed something. No one external to my home
has access to my LAN,...that I believe, ATM. Access to my LAN is either a
physical connection to my TSID, or, inside my home............Unless, I
have grossly missed somthing............... ;)
Best,
Duncan
P.S. HWG email has been spotty for some time.....Stuff happens. The BIG
PERSON only knows what is going on.......... :) I read this as
"dead-time." But, that is JMHO.
BINO
P.S. I haven't been getting any HWG emails to my hotmail.com account since
4/12/09--none at all. Anyone else on hotmail having this problem? I also
have it sent to my gmail account and that's how I even saw this message...
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of DHSinclair
Sent: Friday, April 24, 2009 2:58 PM
To: [email protected]
Subject: Re: [H] MAC Address Filter
John,
I so appreciate your share. BUT, it seems to be focused at
Wire-less/AccessPoint/WLAN business.............?
I do get this for a LAN that has WLAN access. I do NOT. Still moderately
confused.......
Is MAC Address Filter really ONLY good for WLAN?
I freely accept that my current router is totally focused toward
WLAN! And, Gaming! Neither of which I use it for. I bought it on the
recc from HayesElkins.............
Best,
Duncan
At 14:22 04/24/2009 -0700, you wrote:
>Most Wi-Fi access points and routers ship with a feature called hardware
>or MAC address filtering.
>This feature is normally turned "off" by the manufacturer, because it
>requires a bit of effort to set up properly.
>
>However, to improve the
>security of your Wi-Fi LAN (WLAN), strongly consider enabling and using
>MAC address filtering.
>
>Without MAC address filtering, any wireless client can join (authenticate
>with) a Wi-Fi network if they know the network name (also called the SSID)
>and perhaps a few other security parameters like encryption keys.
>
>
>When
>MAC address filtering is enabled, however, the access point or router
>performs an additional check on a different parameter. Obviously the
>more checks that are made, the greater the likelihood of preventing
>network break-ins.
>
>To set up MAC address filtering, you as a WLAN administrator
>must configure a list of clients that will be allowed to join the
>network. First, obtain the MAC addresses of each client from its
>operating system or configuration utility. Then, they enter those
>addresses into a configuratin screen of the wireless access point or
>router. Finally, switch on the filtering option.
>
>Once enabled, whenever the wireless access point or router
>receives a request to join with the WLAN, it compares the MAC address
>of that client against the administrator's list. Clients on the list
>authenticate as normal; clients not on the list are denied any access
>to the WLAN.
>
>MAC addresses on wireless clients can't be changed as they are
>burned into the hardware. However, some wireless clients allow their
>MAC address to be "impersonated" or "spoofed" in software. It's
>certainly possible for a determined hacker to break into your WLAN by
>configuring their client to spoof one of your MAC addresses. Although
>MAC address filtering isn't bulletproof, still it remains a helpful
>additional layer of defense that improves overall Wi-Fi network
>security.
> --
>JRS
>[email protected]
>
>
>Facts do not cease to exist just
>because they are ignored.
>
>
>
>----- Original Message ----
> > From: DHSinclair <[email protected]>
> > To: Hardware Group <[email protected]>
> > Sent: Friday, April 24, 2009 1:42:04 PM
> > Subject: [H] MAC Address Filter
> >
> > I use a d-link dgl-4300 router. I have disabled the wire-less
> section. I only
> > do wired LAN business.
> > The router is currently at F/W v1.8. I do know that F/W 1.9 is
> available, but
> > as I read the docs, it seems to only deal with wire-less
> > business/bug-fixes........
> >
> > Can anyone point me to some reading about MAC Address Filters? I do
> have one;
> > and, I DO use it.
> > But, now have questions................ :)
> >
> > MyCurrentUnderstanding: I 'think' that my router's MAF is what allows
> my LAN
> > objects to gain access to the WWW (thru my router) via my Service
> > Provider.....(when enabled!)... Is this correct?
> >
> > AND, I accept that this MAF access is completely 2-Way, with agreed
> > comprehension of non-routeable IP-Addy's?
> >
> > I feel like I am walking into a black hole here. .... :)
> > Best,
> > Duncan
>
>__________ NOD32 4034 (20090424) Information __________
>
>This message was checked by NOD32 antivirus system.
>http://www.eset.com
__________ NOD32 4034 (20090424) Information __________
This message was checked by NOD32 antivirus system.
http://www.eset.com
