On Wed, Apr 25, 2018 at 7:30 AM, Louis Kowolowski <lou...@cryptomonkeys.org> wrote:
> MAC filtering is a low bar, for sure. However, its still a bar, and it > will trip some people. > 802.1x is much better. Captive portal may be reasonable, depends on what > the capabilities of the AP are. > If you want to keep people from using a wireless network, using WPA2 and a Pre-Shared Key (PSK) is probably good enough for most people. MAC filtering is a useful tool in some cases, but it's primary utility is where you have an intentionally open network and there is someone in particular abusing it. Depending on the problem, you might better filter at the routing layer instead. In my experience with Personal Telco Project, back when we used to need to occasionally intervene with bittorrenters, a very small minority of people know how to change their MAC address. I think I encountered 3 people who were abusing our networks and also able to change their MAC address, and it turned out in every case there was a solution to that problem also (ask me in person for details). I haven't needed to block anyone on any of our 60-odd Personal Telco networks in probably 18-24 months. I'll just comment here that beyond the public-benefit component of Personal Telco Project networks, the primary value-add of using us over just buying a router off the shelf and plugging it in (which works too), is that the firmware we put on the router hardware includes management tools not normally available. If there is someone abusing a network (intentionally or unintentionally), we can diagnose and create a tailored remedy beyond the blunt instrument of just turning off the network or changing the PSK again. -- Russell Senior, President russ...@personaltelco.net _______________________________________________ PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
