Re: Security Appliance With 12 Network Segments



In article <io9t2u$b0g$1@xxxxxxxxxxxxxxxxx>, news2009@xxxxxxxxx says...

On Fri, 15 Apr 2011 12:42:55 -0400, me again wrote:


What if I set up my own address including the MAC address?

DHCP can limit itself to "MAC" numbers it has been given. "MAC" numbers
are not really addresses at all, just ID numbers.

I know, that's why I'm interested in how he might prevent an attack like that.

For it to work you have to program your NIC with a MAC on the approved
list. Sure, you can make them up, but if they don't match what's been
approved it won't do you much good.

The DHCP limit is a fair security measure, except that various devices
can "clone" a "MAC" number, thus making this feature pretty useless.
Programming in the MAC addresses is also an administrative nightmare.

OK, you can record those addresses easily, that shouldn't be the issue. I
just wonder if coworker a is on vacation and I can't access his computer
(let's assume I would need a token), what happens if I connect a laptop to
the network and use his MAC.

If you can't access his computer then you won't know what his MAC is.

It's more a theoretical idea than a practical one, since I would have to
try every possible combination and wait to see if the dhcpd sends me an
address.

Look around Google, there are a few ways to implement it that provide
basic blocking to unknown devices, it's not a nightmare at all, it's
actually just a few minutes' work.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free@xxxxxxxxxx (remove 999 for proper email address)
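
Added example, not part of the original post or of any DHCP server's code: a sketch of the allowlist decision discussed in this thread, together with two checks that address its limits (an approved MAC showing up on a port other than its registered one, and one port cycling through many unknown MACs). It assumes each request is logged with the switch port it arrived on, for instance from DHCP relay option 82; the allowlist, port names, threshold and sample events are constructed.

```python
from collections import defaultdict

# Constructed allowlist: approved MAC -> switch port where the device is registered.
APPROVED = {
    "00:00:5e:00:53:01": "sw1/3",
    "00:00:5e:00:53:02": "sw1/7",
}
GUESS_THRESHOLD = 3  # distinct unknown MACs from one port before alerting (assumed value)

def normalize(mac):
    """Lower-case, colon-separated form so 00-00-5E-... and 00:00:5e:... compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def evaluate(requests):
    """Return (decisions, alerts) for a sequence of (mac, port) DHCP requests."""
    decisions, alerts = [], []
    unknown_by_port = defaultdict(set)
    for raw_mac, port in requests:
        mac = normalize(raw_mac)
        if mac not in APPROVED:
            decisions.append((mac, "ignore"))
            unknown_by_port[port].add(mac)
            if len(unknown_by_port[port]) == GUESS_THRESHOLD:
                alerts.append(f"{port}: {GUESS_THRESHOLD} distinct unknown MACs")
            continue
        # The allowlist alone would stop here; a cloned MAC passes this check.
        decisions.append((mac, "offer"))
        if port != APPROVED[mac]:
            alerts.append(f"{mac}: seen on {port}, registered on {APPROVED[mac]}")
    return decisions, alerts

# Constructed sample events, not captured traffic.
SAMPLE = [
    ("00-00-5E-00-53-01", "sw1/3"),   # approved device on its own port
    ("00:00:5e:00:53:02", "sw2/9"),   # approved MAC on a different port
    ("00:00:5e:00:53:a1", "sw2/9"),   # unknown MACs from the same port
    ("00:00:5e:00:53:a2", "sw2/9"),
    ("00:00:5e:00:53:a3", "sw2/9"),
]

if __name__ == "__main__":
    decisions, alerts = evaluate(SAMPLE)
    for mac, action in decisions:
        print(mac, action)
    for alert in alerts:
        print("ALERT", alert)
```

The second sample event gets an offer, which is the cloning weakness raised above; only the port comparison flags it.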