http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup

WPS is the feature that allows "easy" setup and is vulnerable to brute forces attack. Disabling WPS is actually reccomended if the router allows it. To spoof the MAC address of one of your devices would mean that it would need to be acquired by an attacker in the first place, then they would still need your WPA or WPA2 passcode.

The disadvantage to a MAC filter would be if you wanted to allow someone to use your WiFi temporarily ( a guest) or when you get a new device and you have to go and add the MAC address to the filter to allow it to connect.

I think I confused WPS with WPA.


When guests come to visit, I can always switch it back.

So, every device that has a Mac address would need to be input? Laptops, DVR and the Iphone?

I think most routers also allow a "blacklist", those not allowed to connect, as well. This is most useful if you want to annoy a specific person...

MACs, for the most part, are random values out of 2 to the 48th possibilities, so it's a game of keeping up with each device. Not much chance of getting a MAC spoofed, unless you allow the device out of your hands and into the hands of a determined attacker or connect to your attacker's network, where it could be recorded.

installed by an outside party. In that case, the technician would be aware of the MAC address.

Still, he would need to get the router's WPA encryption code.

Updated to add that I found this on the internet: "It is important to note that you CAN disable the WPS feature in the Advanced Configuration should you need to."

So I'm good to go.

Thank you!

It's utterly trivial on an open network; just put your laptop into monitor mode and you can see all the packets to and fro the open AP. Including the MAC addresses. Spoofing an already-active one may cause a collision, sure, but that's an awfully weak form of security. If you never have guests on your (encrypted) network, whitelists can't hurt, but they aren't really as much help as they can be made out to be.

If one knows that a MAC filter even exists, they are not going to be leaving security off unless they are deliberately asking for trouble. The OP was about a MAC filter disabling WPS, not WPA. I know that it says WPA, but the poster has already confirmed that it is WPS that gets disabled, not WPA.

Assuming you have a good password it's always the first and most secure option.

What router are you using, though? I have a Linksys WRT54 (the good old indestructible blue one) and it support stealth mode...it's under the Security tab, Firewall section, "block anonymous internet requests". I have it active, and I can turn on MAC whitelisting as well. I don't, because I let houseguests connect, but I could have both WPA2 and whitelisting enabled should I wish.

I had confused WPS with WPA. I have disconnected the WPS and now that you told me what the magic words are to look for to go into stealth mode, I will probably do that next.

Thanks!

Stealth mode may mess up your security camera though - that's an anonymous internet request.

Thanks again.