RE: Locking down a network connection to a single machine.

From: Ogle Ron (Rennes)
Date: Sun, 12 May 2002 01:29:22 +0200

Yes, what you said is true, but if the embedded machine goes off-line then a
lot of people will know it.

My objective is really to try to make an Ethernet connection as secure as
possible without using encryption. So here's what the list came up with,
which is pretty good and seems reasonable without much cost:

1. Do the ARP adjustments with ifconfig on the Sun box to limit MAC.
2. Use a /30 netmask to limit IP addresses.
3. Use coax or fiber for the physical connection.
4. Make the line highly visible from end to end to thwart physically tapping the line.

Thanks for the help!
Ron Ogle
Rennes, France

> -----Original Message-----
> From: Matt Collins
> Sent: Wednesday, May 08, 2002 13:09
> To: Ogle Ron (Rennes)
> Subject: Re: Locking down a network connection to a single machine.
>
> On Thu, May 02, 2002 at 09:20:22PM +0200, Ogle Ron (Rennes) wrote:
> > I need to connect two machines via an Ethernet connection, but only want
> > these two machines to talk to each other. I'm going to use a cross-over
> > cable to do the physical connection. The other machine is not a standard
> > computer but an embedded system.
>
> Hi Ron,
>
> Just a brief note; you haven't said what you're trying to achieve
> here, beyond "to ensure your Sun only talks to the embedded device".
> If that's an accurate summary of your requirement then even hard
> coding MAC addresses isn't going to help if someone has access
> to the cable such that they could, for example, insert a hub (the
> risk model you describe).
>
> It is easy enough to provide a MAC address of your choosing; a
> hypothetical attack to make your Sun talk to another malicious
> device would be:
>
> Insert hub
> Snoop traffic
> Identify Sun MAC
> Identify Embedded MAC
> Configure malicious device to use snooped MAC
> Disconnect Embedded device
> Attach malicious device
>
> Obviously this can be extended for man in the middle attacks,
> data stream injection, etc., etc.
>
> Can you clarify what you're worried about a little?
>
> Matt
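Ron's items 1 and 2 (pin the peer's MAC with a static ARP entry, and use a /30 so only two host addresses exist on the link), as an added example that is not part of this thread or from either poster. The interface name hme0, the 192.168.250.0/30 addresses and the peer MAC are constructed placeholders; the ifconfig/arp command syntax is assumed to follow the Solaris-style usage Ron mentions and should be checked against the target OS's man pages. The script does not apply anything itself: it validates the /30 plan, prints the commands for an administrator to run as root, and audits a neighbour list so that the case Matt raises (a second MAC claiming the peer's address, or any third host appearing on what should be a two-host link) is flagged rather than silently accepted.

```shell
#!/bin/sh
# Added example (not from the thread): sanity checks for locking an Ethernet
# link down to two hosts with a /30 netmask and a static ARP entry.
# Interface, addresses and MAC below are constructed placeholders.
IFACE="${IFACE:-hme0}"                       # assumed Sun interface name
LOCAL_IP="${LOCAL_IP:-192.168.250.1}"        # constructed
PEER_IP="${PEER_IP:-192.168.250.2}"          # constructed
PEER_MAC="${PEER_MAC:-00:00:5e:00:53:01}"    # placeholder, lowercase hex
NETMASK="255.255.255.252"                    # /30: network, 2 hosts, broadcast

# Convert a dotted quad to a 32-bit integer; returns 1 on malformed input.
# Octets must be plain decimal 0-255 (no leading zeros, no hex).
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$1" "$2" "$3" "$4"; do
        case $o in ''|*[!0-9]*) return 1;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 only when the two addresses are the two usable hosts of one /30:
# same network under the mask, host bits 1 and 2 (never 0 = network, 3 = broadcast).
p2p_ok() {
    l=$(ip2int "$1") || return 1
    p=$(ip2int "$2") || return 1
    m=$(ip2int "$NETMASK") || return 1
    [ $(( l & m )) -eq $(( p & m )) ] || return 1
    lh=$(( l & (m ^ 0xffffffff) ))
    ph=$(( p & (m ^ 0xffffffff) ))
    [ "$lh" -ne 0 ] && [ "$lh" -ne 3 ] && \
    [ "$ph" -ne 0 ] && [ "$ph" -ne 3 ] && [ "$lh" -ne "$ph" ]
}

# Print (do not run) the two commands an administrator would apply as root.
# Syntax assumed from Solaris-style ifconfig/arp; verify on the target OS.
plan_commands() {
    p2p_ok "$LOCAL_IP" "$PEER_IP" || { echo "addresses are not a valid /30 pair" >&2; return 1; }
    printf 'ifconfig %s %s netmask %s up\n' "$IFACE" "$LOCAL_IP" "$NETMASK"
    printf 'arp -s %s %s\n' "$PEER_IP" "$PEER_MAC"
}

# Read "ip mac" lines (one neighbour per line, e.g. reduced from arp -a output)
# from stdin. On a two-host link the only acceptable neighbour is the pinned
# peer; anything else (peer address with another MAC, or a third host) is
# reported and the function returns 1.
audit_arp() {
    bad=0
    while read -r ip mac _; do
        [ -n "$ip" ] || continue
        [ "$ip" = "$LOCAL_IP" ] && continue
        if [ "$ip" = "$PEER_IP" ] && [ "$mac" = "$PEER_MAC" ]; then
            continue
        fi
        echo "unexpected neighbour: $ip $mac"
        bad=1
    done
    return $bad
}

# When run directly, show the planned configuration for review.
plan_commands
```

The audit deliberately compares the whole neighbour list against a single expected entry rather than just checking that the peer is present: the spoofing sequence Matt describes leaves the peer's address in the table but with a different MAC, and that is exactly the line this catches.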