[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security of a MAC adress??

To: <firewalls@Lists.GNAC.NET>
Subject: Security of a MAC adress??
From: "Pieter Grobler" <pieterg@absa.co.za>
Date: Tue, 15 Jun 1999 07:16:47 +0200
Cc: <cypherpunks@toad.com>
Sender: owner-cypherpunks@toad.com

At 11:10 14/06/1999 +0200, you wrote:
>How secure is a mac adress for satellite multimedia service. How does a
>fire wall use a mac adress
>to secure a web sever or network?

A MAC address can be easily spoofed (e.g. any PC can change its MAC
address),
it is a little less easy than changing its IP address, but, it is feasible.

Bottom line, never rely on a MAC address.

If you want so, a firewall can use static ARP table to statically map
a MAC address to an IP address (provided that the firewall is on the
same subnet as the IP host). You still need to prevent MAC spoofing
(which could be done by using specific hub or switches in port security
mode)

Hope this helps


-eric

>
>----------
>> From: Eric Vyncke <evyncke@cisco.com>
>> To: Jules <kluivert@tm.net.my>; firewalls@Lists.GNAC.NET
>> Subject: Re: IP significant bit addresses
>> Date: Friday, June 11, 1999 10:53 AM
>> 
>> Simple answer :-) the number after the '/' is simply the number of
>> bits in the netmask (aka as prefix length)
>> 
>> 172.168.10.0/24 means subnet 172.168.10.0 with netmask 255.255.255.0 (3
>octets with
>> 	255 => 3*8 = 24 of prefix length)
>> 172.16.51.50/32 means hosts address 172.16.51.50 (32 bits are used)
>> 
>> Just my 0.01 EUR
>> 
>> -eric
>> 
>> At 19:12 09/06/1999 +0800, Jules wrote:
>> >
>> >This is a newbie question, I've checked almost every resource available
>to
>> >me, but I still don't really grasp this concept, so if anyone can
>clarify
>> >it for me, I'd be grateful.
>> >
>> >How does one read addresses like 172.168.10/24 or 172.16.51.50/32 ?
>> >
>> >In particular, what does the slash signify what does it do in the above
>> >case(s).
>> >
>> >If this is anywhere off topic for the list, personal e-mail will do
too.
>> >Thanks in advance.
>> >
>> >Cheers!
>> >-J
>> >
>> >-
>> >[To unsubscribe, send mail to majordomo@lists.gnac.net with
>> >"unsubscribe firewalls" in the body of the message.]
>> > 
>> Eric Vyncke                        
>> Consulting Engineer                Cisco Systems EMEA
>> Phone:  +32-2-778.4677             Fax:    +32-2-778.4300
>> E-mail: evyncke@cisco.com          Mobile: +32-75-312.458
>> -
>> [To unsubscribe, send mail to majordomo@lists.gnac.net with
>> "unsubscribe firewalls" in the body of the message.]
> 
Eric Vyncke                        
Consulting Engineer                Cisco Systems EMEA
Phone:  +32-2-778.4677             Fax:    +32-2-778.4300
E-mail: evyncke@cisco.com          Mobile: +32-75-312.458

Follow-Ups:
- Re: Security of a MAC adress??
  - From: Javier Romero <poeta@lanet.com.pe>

Prev by Date: No Subject
Next by Date: FW: Policy Post 5.10 -- Crypto Legislation Moves Into Perilous Territ
Prev by thread: (no subject)
Next by thread: Re: Security of a MAC adress??
Index(es):
- Date
- Thread