Home page logo
/

basics logo Security Basics mailing list archives

RE: MAC Authentication device
From: <arek () chelmnet pl>
Date: Fri, 21 Nov 2003 17:29:55 +0100

The best would be a switch which is looking onto DHCP packets on each port
and therefore it should verify if the port is permitted to send any packet
other than DHCP request.
After he recivied a DHCP reply, he permit's port to send any packet with
before used MAC/IP_HEADER as was typed by DHCP server.

That way security work's internet via CABLE_TV modems.

It is for instance host authorization command,,,

I think that it is the simpliest way,,, but, i have never seen such
switches...

Can anyone recommend a device that will do MAC Address Authentication
before allowing a user/computer to connect to the network.  This is
different then MAC Address filtering, which allow or disallow access
to the Internet for the the systems that are already on the network.

I am trying to find a cheap device that will help me control
non-employees accessing our trusted network.

Managed switches may allow you to do so (i.e. will block the respective
port if the MAC address doesn't match), but AFAIK they are going to
cost. Also keep in mind that MAC addresses can be easily spoofed.

Regards
Ansgar Wiechers

managed switches can be used for this issue, but you have to keep in mind
that even these might be crackable (via MAC flooding -- overload the
switches MAC table(s) makes them escape to a mode that equals a
hub/mutliport repeater)...


---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault