[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: MAC address and Firewall rules

Den 14-Apr-00 skrev Tamas TEVESZ:

>> Maybe you could play around with arp to "disable" the MAC
>> addresses you don't want to route?  I don't know how reliable or
>> secure it would be if you can, though.
[ ifconfig(8) sets HW-addr]

Obviously it's only usefull in certain types of networks. For example if you
have a switch with hardwired HW-addrs. (There are such switches.)

Or if you only let through a few HW-addrs of machines that are always up,
this should be reasonably safe. (At least you'll be able to tell something
was done from the warnings on the machine whose HW-addr was stolen. Provided
you can lock HW/IP-pairs his TCP/IP-stack will probably be quite confused
from sharing its IP, perhaps enough to make it unusable.)

Reply to: