Re: [fw-wiz] MAC blocking
From: Paul D. Robertson (paul_at_compuwar.net)
Date: 11/28/05
- Previous message: Patrick M. Hausen: "Re: [fw-wiz] MAC blocking"
- In reply to: Eric Appelboom: "[fw-wiz] MAC blocking"
- Next in thread: Chris Byrd: "Re: [fw-wiz] MAC blocking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Eric Appelboom <eric@mweb.com>
Date: Mon, 28 Nov 2005 16:27:49 -0500 (EST)
On Fri, 25 Nov 2005, Eric Appelboom wrote:
> Hi
>
> I would like to whitelist known MAC addresses on a subnet and block\deny
> any new MACs.
> If a new MAC is seen by the firewall, it should not allow that MAC to pass
> traffic out that segment\vlan.
> A similar concept to MAC address locking on Wi-Fi APs.
>
> It would be great to have this as a feature on a protected segment of a
> firewall.
>
> One could script a diff on files containing arp entries and then arp
> poison the IP associated
> to the new MAC (not the correct way) or spoof or bind the offending MAC
> with ifconfig\macmakeup\SMAC and bind to secondary interface.
>
> Any better ideas? (no 802.1x NAC\NAP please)
Turn off dynamic ARP and use static ARP mappings. It doesn't stop someone
from MAC spoofing, but it's workable if your switches don't support MAC
locking at the port level. Obviously you have to share layer 2 for it to
work...
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
http://fora.compuwar.net Infosec discussion boards
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
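An added example, not code from the thread: the "diff on files containing arp entries" idea from the original question, kept to the detection half (report any IP/MAC pair that is not on the approved list), plus generation of the static `arp -s` mappings Paul suggests. The whitelist, the addresses and the `arp -an` sample output are all constructed.

```python
import re
from typing import Dict, List, Tuple

# Constructed whitelist: the IP -> MAC pairs approved on this segment.
WHITELIST = {
    "192.168.1.1": "00:50:56:c0:00:08",
    "192.168.1.10": "00:0c:29:3a:1b:2c",
}

# Constructed sample of `arp -an` output. The third entry is a host nobody
# approved; the fourth is an incomplete entry (no MAC learned yet).
SAMPLE_ARP = """\
? (192.168.1.1) at 00:50:56:c0:00:08 [ether] on eth0
? (192.168.1.10) at 00:0c:29:3a:1b:2c [ether] on eth0
? (192.168.1.77) at 00:0c:29:de:ad:01 [ether] on eth0
? (192.168.1.99) at <incomplete> on eth0
"""

# Matches the "(ip) at mac" part common to Linux and BSD `arp -an` lines.
ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-fA-F:]{17})")


def parse_arp(text: str) -> Dict[str, str]:
    """Return {ip: mac} for complete entries; incomplete entries carry no MAC and are skipped."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table


def find_unknown(table: Dict[str, str], whitelist: Dict[str, str]) -> List[Tuple[str, str]]:
    """(ip, mac) pairs that are not exactly an approved pair: a brand-new MAC, or an
    approved IP now answering from a different MAC. A spoofed approved MAC at its
    approved IP is not detectable this way, which is the limit Paul points out."""
    approved = {ip: mac.lower() for ip, mac in whitelist.items()}
    return sorted((ip, mac) for ip, mac in table.items() if approved.get(ip) != mac)


def static_arp_commands(whitelist: Dict[str, str]) -> List[str]:
    """The `arp -s` commands that pin the approved pairs as static entries."""
    return [f"arp -s {ip} {mac.lower()}" for ip, mac in sorted(whitelist.items())]


if __name__ == "__main__":
    for ip, mac in find_unknown(parse_arp(SAMPLE_ARP), WHITELIST):
        print(f"ALERT: unapproved pair {ip} -> {mac}")
    print("\n".join(static_arp_commands(WHITELIST)))
```

On a live box, replace SAMPLE_ARP with the output of `arp -an` from a cron job and diff the alert list against the previous run.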