Re: arpwatch and more
On Fri, Mar 16, 2001 at 09:24:56PM +0100, Marc Haber wrote:
> On Fri, 16 Mar 101 12:28:54 -0500 (EST), Allen Ahoffman
> <firstname.lastname@example.org> wrote:
> >can someone tell me how to secure a network so that:
> >the router won't route traffic if the specific mac address isn't
> >registered before hand?
> Kernel 2.4 netfilter can make routing decisions depending on the MAC
> Please be aware, though, that the MAC address is trivial to forge
Hmm, how does a switch deal with the same mac address coming from two ports
at the same time?
Does that mean that we've lost the added security from ethernet switches? I
can see that if a switch was fooled into sending traffic to two ports that
could be a security problem, if security depends on the switching function.