Re: MAC address change
On 22 Jun 2003 at 13:54, Adam ENDRODI wrote:
> How widely do you think changing the MAC address of a NIC via
> ``ifconfig <if> hw'' is supported by the various network cards
> and drivers out there nowadays?
>
> My colleague and I have debated several times whether watching
> the LAN for non-matching IP-MAC pairs can reveal any useful
> information. I argued that it may not, since the MAC is easily
> alterable, but he objected, because it's not. Now I ask you to
> decide who is right.
Afaik all MII-capable network cards can change their MAC address. And
since most are compatible these days :-) I haven't tried it on a
wider range of cards myself but changing MACs should be too much of a
problem.

All you could do is monitor the MACs / IPs on your network and see if
there are any changes which might give you a hint that somebody
changed a PC (plugged his laptop into the company network or so).
Afaik there are some packages out that do such monitoring for you.

Optionally you could configure MACs in your switch (if you gotta
Cisco or the like). Put it in "learn mode" so it learns the MACs on
all ports and then say "lock ports to these MACs" and you're done.
When somebody tries to access the network with a different MAC you
can afaik block that port "forever" - even if later he tries to fake
the MAC. But you can't really make it secure.

If you're thinking about an "untrusted" network (where the MACs might
change) you could think of installing a VPN gateway which
authenticates users by tokens stored on the PCs. This way - even if
someone fakes the MAC - he won't get through that gate. But that's a
special case you have with e.g. wireless connections.
Stefan
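
Added example, not part of the original message and not taken from any of the monitoring packages it mentions: a minimal sketch of the IP/MAC pair monitoring discussed in this thread, run over constructed observations. The function names, alert labels and sample addresses are assumptions made for illustration; the locally-administered-bit check goes slightly beyond what the thread describes.

```python
from collections import namedtuple

Alert = namedtuple("Alert", "kind ip mac previous")

# Constructed sample observations (timestamp, IP, MAC), e.g. parsed from ARP traffic.
SAMPLE = [
    (1, "192.168.1.10", "00:0c:29:aa:bb:01"),
    (2, "192.168.1.11", "00:0c:29:aa:bb:02"),
    (3, "192.168.1.10", "00:0c:29:aa:bb:01"),
    (4, "192.168.1.10", "02:11:22:33:44:55"),  # IP now answers from another MAC
    (5, "192.168.1.12", "00:0c:29:aa:bb:02"),  # known MAC appears under a second IP
]

def normalize(mac):
    """Canonicalize a MAC to lowercase, colon-separated form."""
    digits = mac.lower().replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("bad MAC: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def locally_administered(mac):
    """True if bit 0x02 of the first octet is set (address not burned in)."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)

def watch(observations, baseline=None):
    """Return alerts for pairings that differ from the baseline or earlier traffic."""
    ip_to_mac = {ip: normalize(m) for ip, m in (baseline or {}).items()}
    mac_to_ips = {}
    for ip, mac in ip_to_mac.items():
        mac_to_ips.setdefault(mac, set()).add(ip)
    alerts = []
    for _ts, ip, raw in sorted(observations):
        mac = normalize(raw)
        known = ip_to_mac.get(ip)
        if known is None:
            alerts.append(Alert("new-station", ip, mac, None))
        elif known != mac:
            alerts.append(Alert("changed-mac", ip, mac, known))
        others = mac_to_ips.get(mac, set())
        if others and ip not in others:
            alerts.append(Alert("mac-multiple-ips", ip, mac, sorted(others)[0]))
        if locally_administered(mac) and known != mac:
            alerts.append(Alert("locally-administered", ip, mac, None))
        ip_to_mac[ip] = mac
        mac_to_ips.setdefault(mac, set()).add(ip)
    return alerts

if __name__ == "__main__":
    for alert in watch(SAMPLE):
        print(alert)
```

A station that copies an address already in the baseline produces no alert here, so this reports changes, not identity.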