How secure is port forwarding via mac address?

Discussion in 'Tomato Firmware' started by venture, Apr 15, 2008.

  1. venture

    venture Addicted to LI Member

    A bit of a newbie here, so forgive me if this question is obvious or not clear.

    I have enabled Windows Remote Desktop on an old home machine that has a TV Tuner card, so I can remotely schedule recordings. I've set a variety of protections on that machine (changed the listening port; machine gets locked down if wrong password is input, etc.). I'd like to set something up on the router, too, which is using Tomato.

    If I set up the port forwarding (for Remote Desktop), so that the router will only forward inbound remote connections from my work computer and my laptop (using their mac address), is that reasonably secure?

    I know, for example, that in a wifi setting, it is fairly easy for someone to intercept and spoof a mac address to get around mac address filtering. Can someone do the same on an incoming remote connection to the router via the internet? Or does Windows Remote Desktop encrypt that traffic somehow?

    If the mac address that is sent in a Remote Desktop session can be intercepted, how likely is it? Would the person trying to intercept it need to know that the particular incoming connection is trying to make a remote connection?

    Thanks for any answers. I hope the question makes sense.
  2. nvtweak

    nvtweak LI Guru Member

    This would only work if both MACs were visible to the router. But the internet does not work like this. Communication between two machines on the internet does not use MAC addresses as a source/destination address, they use IP addresses.

    For example, if you were to remote desktop into your LAN from another PC on the internet, you will NOT see that internet PCs MAC address. You will see the MAC address of a different device attached to the same Ethernet segment as the router.
  3. venture

    venture Addicted to LI Member

    Ah, good to know. Thank you. You saved me a lot of wasted time. I guess I need to stick with limiting port forwarding to the work IP address, or not limit it at all.

    (Am I understanding that right?- there's no way to create a rule to allow only my laptop to Remote Connect via port forwarding, when I'm away from home for example, unless I either know the IP address where I'll be and set it up before I leave home, or unless I turn off the port forwarding restriction).
  4. You could turn on the Remote Access function of the router and then enable/disable the port forward rule via the GUI when needed.
  5. venture

    venture Addicted to LI Member

    Cool, thanks.
  6. nvtweak

    nvtweak LI Guru Member

    If you use remote access make sure that you use the encrypted version HTTPS or SSH.

    Do not use HTTP, because your password is transmitted in clear text. That would just make security even weaker.
  7. Definitely. For some reason I thought that it was HTTPS by default/only choice.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice