SCIENTIFIC-LINUX-USERS Archives

April 2010

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

From: John Rowe <[log in to unmask]>
Date: Tue, 27 Apr 2010 13:18:15 +0100

On Tue, 2010-04-27 at 07:58 +0100, Dr Andrew C Aitchison wrote:

> [ Don't forget that anyone with admin rights on a machine can change the MAC
>    address - see e.g. http://www.topbits.com/how-to-change-a-mac-address.html
> ]
> 


> iptables has options to allow packets based on the source mac address
> but, as I said, if the packet has been through a router since it left the 
> machine you wish to control then the address in the packet will not 
> belong to the machine you are interested in.

Another option is to restrict by netmask and to hard-code all the MAC
addresses in /etc/ethers, including dummy entries for any unused IP
addresses.

If you want real security buy a network access control device, $$.



John
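
The /etc/ethers approach from the message above, as an added example that is not part of the original post: it emits one ethers(5) line for every address in a /24 and pins the unused ones to a dummy MAC. The addresses, MACs, the `gen_ethers` name and `inventory.txt` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample inventory, "IP MAC" per line (not from the post).
KNOWN_HOSTS='192.0.2.10 52:54:00:aa:bb:01
192.0.2.11 52:54:00:AA:BB:02
192.0.2.20 52:54:00:aa:bb:03'

# Assumption: a locally administered MAC that no real NIC on the LAN uses.
DUMMY_MAC='02:00:00:00:00:01'

# gen_ethers PREFIX FIRST LAST
#   PREFIX      first three octets of the /24, e.g. 192.0.2
#   FIRST LAST  range of the last octet to cover (1 254 for the whole /24)
# Reads "IP MAC" pairs on stdin and writes ethers(5) lines ("MAC IP") for
# every address in the range; addresses with no known host get DUMMY_MAC.
# A malformed MAC aborts with status 1 and no output.
gen_ethers() {
    awk -v prefix="$1" -v first="$2" -v last="$3" -v dummy="$DUMMY_MAC" '
        function valid_mac(m,    p, n, i) {
            n = split(m, p, ":")
            if (n != 6) return 0
            for (i = 1; i <= 6; i++)
                if (p[i] !~ /^[0-9A-Fa-f][0-9A-Fa-f]$/) return 0
            return 1
        }
        NF == 2 {
            if (!valid_mac($2)) {
                print "bad MAC for " $1 ": " $2 > "/dev/stderr"
                bad = 1
                next
            }
            mac[$1] = tolower($2)
        }
        END {
            if (bad) exit 1
            for (i = first + 0; i <= last + 0; i++) {
                ip = prefix "." i
                m = (ip in mac) ? mac[ip] : dummy
                print m, ip
            }
        }'
}

# Demo on a small slice of the range. To apply for real, as root
# (inventory.txt is a hypothetical file in the same "IP MAC" format):
#   gen_ethers 192.0.2 1 254 < inventory.txt > /etc/ethers.new \
#     && mv /etc/ethers.new /etc/ethers && arp -f /etc/ethers
printf '%s\n' "$KNOWN_HOSTS" | gen_ethers 192.0.2 9 12
```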
