MAC Addresses and Filtering Devices

MAC addresses are one of those terms that few people know, but many could benefit from learning. While some people equate them to a Macintosh computer, others know this unique bit of information can help define your wireless network.

In the past several years, network vendors have done a better job of telling consumers about security. Many articles have suggested steps such as changing administrator passwords, SSIDs, and enabling WEP or WPA security modes. Another layer of protection is MAC filtering. Using MAC filters in combination with WEP or WPA security can deter some hackers. You might think of MAC filtering as adding a deadbolt to the latch bolt on your front door.

What is a MAC Address?

As with many technical terms, MAC is an acronym. It stands for Media Access Control address. This is a 12-character address that maps to a physical component such as your broadband router, wireless access card, network card and so on. The number is unique with the first half of the address representing the device manufacturer. For example, a MAC address starting with 00-06-25 is identified with Linksys.

Since the MAC address is unique, it can be used as a filtering mechanism to keep devices on or off your wireless network. Most 802.11 wireless networks will allow or deny access to specific MAC addresses. On my Linksys router, I enabled MAC filtering and entered the three MAC addresses that I want to connect to my network. Each of these MAC addresses belongs to a device that I use. If a device tries to connect with a MAC address that is not on that list, it will be blocked.

How to Find a MAC Address

Perhaps, the hardest part of using MAC filtering is finding the device addresses. On most Windows systems, you may find this information using the following steps:

  1. Click Start
  2. Select Run…
  3. In the Open: text box of the Run dialog, type cmd
  4. Click OK.
  5. At the DOS prompt, type ipconfig/all
  6. Press Enter

Your computer should display a dialog similar to the one below. The line labeled “Physical Address” represents the MAC address. In some cases, you may see more than one MAC address. As example, with my notebook, I can see two addresses. One represents the built-in Ethernet card and the other my wireless network card.

DOS IPCONFIG command showing MAC addresses

Using MAC filters in conjunction with other security settings on a wireless system is a stronger solution that will deter some from hopping onto your network. One disclaimer about MAC filtering is it isn’t foolproof which is why it shouldn’t be used as the only security measure. The reason is MAC addresses can be cloned. Sometimes people need to clone MAC addresses because of ISP configuration issues. The same mechanism that allows you to change a MAC address for your device also works for a hacker.

As with most security intrusions, the harder it is for someone to break in, the less apt they are to try. Adding an extra security layer increases the time and equipment needed for a hacker to compromise your network. Since there are still many insecure wireless networks, it seems likely hackers will start there.