Re: [fw-wiz] MAC blocking

From: Chris Byrd (cbyrd01_at_gmail.com)
Date: 11/29/05


To: Eric Appelboom <eric@mweb.com>
Date: Mon, 28 Nov 2005 17:00:30 -0600

If you are avoiding 802.1x and NAC/NAP due to the cost of replacing
existing switches, you might consider (assuming a largely Microsoft
environment) what Microsoft calls "Domain Isolation" using IPsec:
http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/default.mspx
http://www.microsoft.com/windowsserver2003/technologies/networking/ipsec/default.mspx
http://blogs.msdn.com/James_Morey/

I'd stay away from any MAC based solution, as spoofing a MAC address is trivial.

Chris

--
www.riosec.com

On 11/25/05, Eric Appelboom <eric@mweb.com> wrote:
> Hi
>
> I would like to whitelist known MAC addresses on a subnet and block\deny
> any new MACs.
> If a new MAC is seen by the firewall, it should not allow that MAC to pass
> traffic out of that segment\vlan.
> A similar concept to MAC address locking on Wi-Fi APs.
>
> It would be great to have this as a feature on a protected segment of a
> firewall.
>
> One could script a diff on files containing arp entries and then arp
> poison the IP associated with the new MAC (not the correct way), or spoof
> or bind the offending MAC with ifconfig\macmakeup\SMAC and bind it to a
> secondary interface.
>
> Any better ideas?   (no 802.1x NAC\NAP please)
>
> Regards
> Eric
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
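The "diff on arp entries" idea from Eric's post, written out as an added example (it is not code from either poster): it parses constructed `arp -an` style output, flags MACs that are not on a whitelist, and, because a cloned MAC would pass such a whitelist (Chris's objection), also reports IPs whose MAC changed between two snapshots. The sample ARP lines, addresses, whitelist and function names are all constructed for the example.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of `arp -an` output (Linux/BSD style); not a real capture.
ARP_SNAPSHOT = """\
? (192.168.10.1) at 00:11:22:33:44:01 [ether] on eth1
? (192.168.10.20) at 00:11:22:33:44:20 [ether] on eth1
? (192.168.10.21) at 0:11:22:33:44:21 [ether] on eth1
? (192.168.10.99) at de:ad:be:ef:00:99 [ether] on eth1
? (192.168.10.50) at <incomplete> on eth1
"""

# Constructed whitelist of known hosts on the segment: MAC -> description.
KNOWN_MACS = {
    "00:11:22:33:44:01": "gateway",
    "00:11:22:33:44:20": "fileserver",
    "00:11:22:33:44:21": "printer",
}

ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-fA-F:]+) \[ether\] on (?P<iface>\S+)")

def normalize_mac(mac: str) -> str:
    """Zero-pad each octet and lowercase, so '0:11:...' and '00:11:...' compare equal."""
    return ":".join(part.zfill(2).lower() for part in mac.split(":"))

def parse_arp(text: str) -> List[Tuple[str, str, str]]:
    """Return (ip, mac, iface) for each resolved entry; <incomplete> entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            entries.append((m.group("ip"), normalize_mac(m.group("mac")), m.group("iface")))
    return entries

def unknown_macs(entries: List[Tuple[str, str, str]], known: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Entries whose MAC is not whitelisted: the 'new MAC seen on the segment' condition."""
    return [e for e in entries if e[1] not in known]

def mac_changes(previous, current) -> List[Tuple[str, str, str]]:
    """IPs whose MAC differs between two snapshots (an address conflict or a cloned MAC).
    A whitelist alone cannot catch this, since a cloned MAC is by definition 'known'."""
    prev = {ip: mac for ip, mac, _ in previous}
    return [(ip, prev[ip], mac) for ip, mac, _ in current if ip in prev and prev[ip] != mac]

if __name__ == "__main__":
    now = parse_arp(ARP_SNAPSHOT)
    for ip, mac, iface in unknown_macs(now, KNOWN_MACS):
        print(f"ALERT unknown MAC {mac} at {ip} on {iface}")
```

Run it periodically against saved `arp -an` output and keep the previous snapshot to feed `mac_changes`; the output is an alert list, not a block action, since a whitelist hit proves nothing about who actually holds the address.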