EH-Net

Hi
  I am a new member to this site and I have a question about Wireless Security.  I have been using MAC Address Filtering within several Routers as a low overhead and secure means of limiting access to my Home Network and several of my friends.  My question is: "Can such a Security approach be really secure or can MAC addresses be Spoofed?"
  I do not use WEP or WPA encryption, just the MAC filtering.  I would appreciate any information on this topic.
  Thanks...
Robert

MAC addresses can be easily spoofed. Every operating system provides features to change your MAC address http://www.tech-faq.com/how-to-change-a-mac-address.html  http://en.wikipedia.org/wiki/MAC_spoofing
You can even make use of tools to spoof your MAC address.

Follows the "defense-in-depth" approach and employ every possible measure to secure your network, so that if one defense is broken the other stops the attacker.
Use encryption too, otherwise your network is susceptible to sniffing.

Welcome to the forums :)

It's actually trivial to sniff and spoof MAC addresses, so you're really only protecting yourself from very casual users. You really should be using WPA or WPA2. Anyone within range can see everything you're transmitting over the wireless network. WEP is broken and can be circumvented in minutes.

Edit: Aw, lost by 52 seconds :(

thats right with airodump u can analyse packets from AP to users and from them to the AP and when connection established from the users u can get their mac so easy and then deAuthnticate them and spoof the mac to go in

how ever with more secure WPA2 u might be safe

You should also make sure that your WPA v.2 encryption phrase is not easily dictionary cracked.  Don't use anything that has to do with your family, address, etc.  I use a random set of alphanum chars.  I view a wireless network as an incident waiting to happen and treat it as such.

No doubt.  Any time you have a network that can be accessed without having to physically plugin, it's only a matter of time before someone will TRY to get into it.  While they may not (if you follow advice, like Ketchup's, etc) get in, the best policy is to really understand the 'best practices', follow them to a tee, then go as much further as possible, to ensure your security is as 'effective' as possible.

You guys know about this, right?

https://www.grc.com/passwords.htm

I've personally set mine to a nonsensical passphrase. It contains a complex character set, yet is easy to remember and enter into things like a Wii, iPhone, etc.