Question about security and hardware firewall option

Discussion in 'hardware' started by winterlord, Oct 3, 2009.

Thread Status:
Not open for further replies.
  1. winterlord

    winterlord Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    175
    hello, i have a problwem i am desperatly tryin to figure out the best course for me. It is about a feature in my hardware firewall called Mac Spoofing, I have a cysco RVS4000 corprate security firewall i bought it for my house, because i get really paranoid about the internet, wich i cannot help but be paranoid due to my disbility and psych disorder. i have searched all over google but all i have found is reasons people use mac spoofing, but i have not yet found anything, saying if Mac spoofing makes you safer or more at risk. spoofing my mac adress via a option in the firewall, sure i can be used to gain access to other things like used in a corprate environment but i have no use for that. but i do have use for security. this is a very imporetant question for me because on one hand if mac spoofing can hide my pc from hackers ect great, but on the other hand snce most viruses hackers ect piggy back on a known port like port 80, well i dont want the spoofing of the mac adress open me up, or for it to somehow be used against me by any security threat not sure if this can be done or not but i would love to know.

    does it make me safer or less safe? that is my only use and/or question

    any help would be greatly appreciated.

    thanks
    winter
     
  2. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,270
    Location:
    Nebraska, USA
    The problem with irrational paranoia is it causes folks to come to irrational, and incorrect conclusions. Read your Cisco manual. Note in chapter 3, page 4, the ONLY Place in the manual it talks about MAC address spoofing. No where does it say this is a "feature" of that router. It is not a feature. It is a simple technique used by IT administrators and "wannabe" hackers to spoof their target's MAC address. Anyone, anyone can easily spoof a MAC address.

    Why do IT admin do it? Understand the a MAC address is "supposed" to be a unique identifier for networked hardware - typically, a network interface card (NIC), as found in any computer, router, print server, gateway device, and more. EVERY piece of network hardware in the world, ever made is supposed to have a unique MAC address burned into a memory device (firmware) in that hardware. There are nearly 1Billion Windows computers out there - most have network/LAN connectors (NICs). There are millions and millions of Apple Macs, UNIX systems, routers and more, made by countless numbers of makers. Sometimes, it just happens and two pieces of hardware have been assigned the same MAC address. This causes problems when they are on the same network. So admin simply changes (spoofs) a different MAC address and every one is happy - computer A gets data intended for computer A, and computer B gets data intended for computer B.

    In other words, you already have a great router. It is NOT a wireless router, and for the paranoid, that's perfect. It is much more difficult to hack into a wired network, and even more so for a network behind a router. Whereas with a wireless network, the whizkid next door, or wannabe hacker out in the bushes (or way down the street with a directional antenna) can see the wireless signal and see the data packets (and MAC address) just as easily as if they plugged a Ethernet cable into your router (that does not mean the data is usable, or compromised - just accessible). For other's reading, that's not to say wireless networking cannot be secure - it just takes a lot more effort to secure it, and discipline to keep it secure.

    So, bottom line. Changing your MAC address does not make you safer or more secure. You have a nice router. Make sure you change the default password. Use a (as in 1) software based firewall on each computer on your network. Keep your systems patched and updated. Use, and keep current, a real-time anti-malware scanner at all times. Use a spam blocker. Never click on unsolicited links or open unsolicited attachments or downloads without scanning first. Avoid risky behavior that takes you to sites badguys are known to wallow in such as illegal porn and gambling sites. And especially do not participate in illegal filesharing and downloading of copyrighted materials (songs, videos, and other published documents) on P2P sites.

    That's not paranoia, that's common sense, and applies to everybody. We are ALL targets. Even if we don't have anything on our computers badguys want, they will be happy to use our computers to hurt and attack others.

    BUT... ...Hackers are lazy opportunists. They are 1/2 a world away. They don't know their targets. They know there are millions of users out there that are at the opposite extreme from you; not paranoid about security, but totally dismissive about it. Those people make me paranoid! ;) Hackers, being opportunists, seek crimes of opportunity - the low hanging fruit that's everywhere. If you are behind a router, using a firewall and anti-malware software, keep your systems patched and updated, and you avoid risky behavior, your fruit is at the very top of the tree, and not worth a hacker's effort to try an pick it.
     
  3. winterlord

    winterlord Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    175
    ok well this helps me and thanks for the reply. i was just wonderin about the feature cause i dont know what all it is used for other then its used in big companies, just wondered if by it randomly changing mac adress every so often even found id be difficult to re-find without a trojan on the machine. but they prolly use ip adress for that. sine only 2 pc's here.

    and just for clarifaction this firewall it is a feature. it says turn mac spoofing on turn mac spoofing off. then underneath it in red it says

    "please contact your ISP before turning Mac Spoofing on because some ISP's do not allow this.

    so it has the works's, i was'nt kiddin when i said i bought a above average corprate firewall, just for security at home. i do understand food chain thing, that hackers go after weaker targets so they dont waste time. but it's always good to utilize any and all tools you have. i just have to figure out each feature one by one i think i know all the features and what they do for this firewall now. but it has so much that sometimes i run across somthin and i decide i want more clarrifaction on what it does, since i dont know all the advanced aspects of networking, just very basic stuff.
     
  4. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,270
    Location:
    Nebraska, USA
    What firewall? I am just going by the RVS4000 User Guide, as found here. Again, the only mention of spoofing is as I noted earlier. Is that the right model number? Where does it say that?

    At any rate, it is as noted, necessary for the ISP to know what your MAC address is, or at least what you are using.
     
  5. winterlord

    winterlord Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    175
    yea its the right model number. it mentions spoofing alot in the manual. search pdf file. it seems that it is centered alot around VPN's but what realy dont make since is why they put this in there

    1) MAC Address Spoofing
    Packets transmitted over a network, either your local
    network or the Internet, are preceded by a packet
    header. These packet headers contain both the source
    and destination information for that packet to transmit
    efficiently. A hacker can use this information to spoof
    (or fake) a MAC address allowed on the network. With
    this spoofed MAC address, the hacker can also intercept
    information meant for another user

    so yea it's prolly not a feature for me. however in the manual it talks about it alot centered around VPN, but in the display menu inside the firewall, it is not under the vpn tab. it is under the advanced networking tab. so idk but that what is above is in the manual and confuses me alot. cause yes it is a feature. mac cloning is another feature it has. kinda curios why it is a feature and yet they mention this above. lol. also the manual may not have everything in it. hard to say but not asure if firmware adds new functiality but its had alot of firmware updates. anyways i think i may just leave it off.
     
  6. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Page 13...chapter 5, is ANOTHER place they talk about MAC. Linksys (and many other broadband routers) technically call it "MAC cloning"...not "MAC spoofing"...but technically the definition of MAC spoofing is "technique of changing an assigned Media Access Control (MAC) address of a networked device to a different one." which is also pretty much what MAC spoofing is, ergo there is ANOTHER place in the manual they talk about changing of the MAC.

    It is a common feature on broadband routers, for lazy people who don't want to take the time to register the MAC address of a new device with a- their cable modem, or b- with their ISP.
     
  7. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,270
    Location:
    Nebraska, USA
    My mistake - I was caught off-guard by winter's reply when he said matter-of-frankly,
    The rest of my comments stand. Spoofing (or cloning) your MAC address will not make you safer.
     
Loading...
Thread Status:
Not open for further replies.