RE: [fw-wiz] Blocking MSN (and any other service for that matter)

From: Chuck Vose (vosechu_at_roman-fleuve.com)
Date: 04/24/04

  • Next message: Bennett Todd: "Re: [fw-wiz] Stanford break in"
    To: firewall-wizards@honor.icsalabs.com
    Date: Fri, 23 Apr 2004 18:56:14 -0700
    
    

    On Fri, 2004-04-23 at 05:53, MHawkins@TULLIB.COM wrote:
    > So what if someone has a changeable MAC NIC?
    >
    > Step 1: Break through physical access and get yourself an Ethernet port to
    > connect to.

    Let's imagine something a little less far-fetched. Wireless access point
    with spoof-able MAC, hooked onto the back of your computer so that you
    can use remote desktop because the admins refuse to let you do it
    through the firewall.

    > Step 2: Attempt to connect. Ethernet port shuts down almost as soon as you
    > connect.

    Sure, why not. Any brands come to mind that shut off a port when the link
    is broken? I'm intrigued.

    > Step 3: Since you are very technically competent you recognize the
    > possibility that MAC level security is in place.

    Ok, but I said "could cause lots of problems" not will obviously
    invalidate this method. MAC level security could make this situation
    very possible, but is it more work than some of the alternatives?

    > Step 4: You conclude it will be far easier to steal time at a host that is
    > already within the network rather than attempt to guess a valid MAC address.

    When 70% of attacks are from insiders, why would I (being a disgruntled
    employee) need to guess at all? Let's just run ipconfig and figure it
    out.

    You seem to be on the defensive about this; have I said something to
    make you think I'm attacking the idea of MAC-based VLANing?

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

