Re: [fw-wiz] Link level security with static arp tables

From: Luke Butcher (luke.butcher_at_alphawest.com.au)
Date: 10/14/03

  • Next message: Sloane, David: "RE: [fw-wiz] Link level security with static arp tables" 
    To: firewall-wizards@honor.icsalabs.com
Date: Tue, 14 Oct 2003 09:06:15 +1100

    On Sun, 2003-10-12 at 23:32, Debian User wrote:
    > I need to limit access to the gateway according to allowed MACs, ie Ethernet
    > frames from allowed MAC addresses are forwarded to and fro in the gateway,
    > but others will be dropped (and logged if possible).
    ...
    > Any solutions?

    You could look into 802.1x MAC Authentication type solutions. Normally
    these however are implemented at a switch level.

    Generally EAP/LEAP/PEAP type stuff is normally associated with wireless
    but the concepts apply to any publicly available connection mechanism.
    It's used to secure the first point of entry into the network.

    Luke Butcher
    Network/Security Consultant
    Alphawest 

    --
Alphawest Disclaimer
---------------------------------------------------------------------------
If this communication is not intended for you and you are not an authorised
recipient of this email you are prohibited by law from dealing with or
relying on the email or any file attachments. This prohibition includes
reading, printing, copying, re-transmitting, disseminating, storing or in
any other way dealing or acting in reliance on the information.
If you have received this email in error, we request you contact Alphawest 
immediately by returning the email to postmaster@alphawest.com.au and
destroy the original. This email is confidential and may contain privileged
client information. Alphawest  has taken reasonable steps to ensure the
accuracy and integrity of all its communications, including electronic
communications, but accepts no liability for materials transmitted.
---------------------------------------------------------------------------
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
  • Next message: Sloane, David: "RE: [fw-wiz] Link level security with static arp tables"

    Relevant Pages

    • Re: IpTraffic encloded in EthBroadcasts should be routed
      ... The Sender doenst know the gateway IP and also not the ... :Gateway mac. ... Thats the reason why Its an broadcast. ... You mean something like ICMP Router Discovery, ...
      (comp.dcom.lans.ethernet)
    • Re: Convention User Woas
      ... gateway, they're not able to reach off the LAN either, as most operating ... Where they st00pid enough to not spoof the MAC address as well? ... If this is a _wired_ network, you can set your switch so that it knows on ... with some APs you can set them so there is no client to client traffic ...
      (comp.dcom.lans.ethernet)
    • Re: Wireless laptop roaming through various access points
      ... Whichever interface has the default route pointing to it, ... It is possible to assign more than one default gateway in the ... What needs to change is the ARP table, which maps the MAC address to ...
      (alt.internet.wireless)
    • Re: Network Horror
      ... >gateway, and I have tried a route add 0.0.0.0 through the same gateway ... but WinME and WinXP machines can not. ... The IP gets the MAC and communications are MAC to MAC so if you ...
      (comp.unix.sco.misc)
    • RE: [fw-wiz] Link level security with static arp tables
      ... > I need to limit access to the gateway according to allowed ... according to MAC address" is a techical requirement, ... > tables in clients is ...
      (Firewall-Wizards)