MAC Addresses and Filtering

MAC Addresses and Filtering
MAC addresses are one of those terms that few people know, but many could benefit from learning. While some people equate them to a Macintosh computer, others know this unique bit of information can help define your wireless network. (Includes two flash tutorials on MAC addresses.)
In the past several years, network vendors have done a better job of telling consumers about security. Many articles have suggested steps such as changing administrator passwords,SSIDs, and enabling WEP or WPA security modes. Another layer of protection is MAC filtering. Using MAC filters in combination with WEP or WPA security can deter some hackers. You might think of MAC filtering as adding a deadbolt to the latch bolt on your front door.
What is a MAC Address?
As with many technical terms, MAC is an acronym. It stands forMedia Access Control address. This is a 12-character address that maps to a physical component such as your broadband router, wireless access card, network card and so on. The number is unique with the first half of the address representing the device manufacturer. For example, a MAC address starting with 00-06-25 is identified with Linksys.
Since the MAC address is unique, it can be used as a filtering mechanism to keep devices on or off your wireless network. Most 802.11 wireless networks will allow or deny access to specific MAC addresses. On my Linksys router, I enabled MAC filtering and entered the three MAC addresses that I want to connect to my network. Each of these MAC addresses belongs to a device that I use. If a device tries to connect with a MAC address that is not on that list, it will be blocked.
How to Find a MAC Address
Perhaps, the hardest part of using MAC filtering is finding the device addresses. On most Windows systems, you may find this information using the following steps:
1. Click Start
2. Select Run
3. In the Open: text box of the Run dialog, type cmd
4. Click OK.
5. At the DOS prompt, type ipconfig/all
6. Press Enter
Your computer should display a dialog similar to the one below.The line labeled "Physical Address" represents the MAC address. In some cases, you may see more than one MAC address. As example, with my notebook, I can see two addresses. One represents the built-in Ethernet card and the other my wireless network card.


Using MAC filters in conjunction with WEP or WAP security on a wireless system is a stronger solution that will deter some hackers. One disclaimer about MAC filtering is it isn't foolproof which is why it shouldn't be used as the only security measure. The reason is MAC addresses can be cloned. Sometimes people need to clone MAC addresses because of ISP configuration issues. The same mechanism that allows you to change a MAC address for your device also works for a hacker.
As with most security intrusions, the harder it is for someone to break in, the less apt they are to try. Adding an extra security layer increases the time and equipment needed for a hacker to compromise your network. Since there are still many insecure wireless networks, it seems likely hackers will start there.
Editor's Update: A lot has changed since we wrote this piece. The addition of MAC filtering should not be considered as another protection layer. It has become too easy for hackers to get valid addresses. If possible, we would also strongly encourage you to upgrade from WEP to WPA2. If your router does not have WPA2, you should check the manufacturer's site to see if a firmware update is available.