After the initial weaknesses of WEP were in the media and out in front of all the IT people, some of them started using MAC filtering as an interim solution until a standardized one was created. This filtering was not without its own problems. A MAC address can be easily changed. Some forms of Microsoft operating systems allow the registry to make these changes. UNIX variants also have an operating system setting to change MAC addresses. On top of both of these known methods to change MAC addresses, many point-and-click tools exist to perform MAC address changing.
All MAC addresses are also easily seen with a network sniffer. This means if someone was to employ MAC filtering in their wireless network, it could be broken as follows. The attacker would use a wireless sniffer to find what MAC addresses are talking on the network. Once this was determined, they could easily change their MAC address by any of the means above or with the help of an automated tool. Once they have changed their MAC address they can send a De-authentication frame to the original user or just access the network with conflicting MAC addresses. Either way, they have already circumvented the existing security.
