RE: MAC Authentication device

arek_at_chelmnet.pl
Date: 11/21/03

    To: "Security-Basics@Securityfocus. Com" <security-basics@securityfocus.com>
    Date: Fri, 21 Nov 2003 17:29:55 +0100
    
    

    The best would be a switch which is looking at DHCP packets on each port
    and therefore it should verify whether the port is permitted to send any
    packet other than a DHCP request.
    After it has received a DHCP reply, it permits the port to send any packet
    with the previously used MAC/IP_HEADER, as was typed by the DHCP server.

    That is how security works for internet via CABLE_TV modems.

    It is, for instance, the host authorization command...

    I think that it is the simplest way... but I have never seen such
    switches...

    > >> Can anyone recommend a device that will do MAC Address Authentication
    > >> before allowing a user/computer to connect to the network. This is
    > >> different than MAC Address filtering, which allows or disallows access
    > >> to the Internet for the systems that are already on the network.
    > >>
    > >> I am trying to find a cheap device that will help me control
    > >> non-employees accessing our trusted network.
    > >
    > > Managed switches may allow you to do so (i.e. will block the respective
    > > port if the MAC address doesn't match), but AFAIK they are going to
    > > cost. Also keep in mind that MAC addresses can be easily spoofed.
    > >
    > > Regards
    > > Ansgar Wiechers
    >
    > managed switches can be used for this issue, but you have to keep in mind
    > that even these might be crackable (via MAC flooding -- overloading the
    > switch's MAC table(s) makes them escape to a mode that equals a
    > hub/multiport repeater)...
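
The per-port gating described in the reply above, modelled as an added example that is not part of the original message or any vendor's implementation. The class, field names, port numbers and traffic are hypothetical, and DHCP is reduced to a request and an ack with no lease expiry.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    port: int          # switch port the frame arrived on
    kind: str          # "dhcp_request", "dhcp_ack" or "data"
    src_mac: str
    src_ip: str
    chaddr: str = ""   # client MAC carried in a DHCP reply
    yiaddr: str = ""   # address the DHCP server assigned

class GatedSwitch:
    """Hypothetical model: access ports pass only DHCP requests until a lease is seen."""
    def __init__(self, trusted_port):
        self.trusted_port = trusted_port  # only port where a DHCP server may answer
        self.pending = {}                 # access port -> MAC that asked for a lease
        self.bindings = {}                # access port -> (MAC, IP) the server assigned

    def ingress(self, f):
        """Return True if the frame is forwarded, False if it is dropped."""
        if f.kind == "dhcp_ack":
            if f.port != self.trusted_port:
                return False              # reply from an access port: rogue server
            for port, mac in self.pending.items():
                if mac == f.chaddr:       # bind the lease to the port that asked
                    self.bindings[port] = (mac, f.yiaddr)
            return True
        if f.port == self.trusted_port:
            return True                   # uplink/server port is not gated
        if f.kind == "dhcp_request":
            self.pending[f.port] = f.src_mac
            return True
        # Any other frame must match the binding learned for this exact port.
        return self.bindings.get(f.port) == (f.src_mac, f.src_ip)

# Constructed sample traffic (not from the original post).
SAMPLE = [
    Frame(3, "data", "aa:aa:aa:aa:aa:aa", "10.0.0.50"),   # before any lease
    Frame(3, "dhcp_request", "aa:aa:aa:aa:aa:aa", "0.0.0.0"),
    Frame(1, "dhcp_ack", "ee:ee:ee:ee:ee:ee", "10.0.0.1", "aa:aa:aa:aa:aa:aa", "10.0.0.23"),
    Frame(3, "data", "aa:aa:aa:aa:aa:aa", "10.0.0.23"),   # matches the lease
    Frame(3, "data", "aa:aa:aa:aa:aa:aa", "10.0.0.99"),   # self-assigned IP
    Frame(4, "data", "aa:aa:aa:aa:aa:aa", "10.0.0.23"),   # cloned MAC/IP, wrong port
    Frame(4, "dhcp_ack", "bb:bb:bb:bb:bb:bb", "10.0.0.66", "aa:aa:aa:aa:aa:aa", "10.0.0.66"),
]

def replay(frames, trusted_port=1):
    switch = GatedSwitch(trusted_port)
    return [switch.ingress(f) for f in frames]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Because the binding is keyed on the port as well as the MAC/IP pair, a cloned address on another port is dropped, which is the property plain MAC filtering lacks.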
