Firewall Wizards mailing list archives

Re: Blocking at firewall via MAC address
From: Bill_Royds () pch gc ca
Date: Fri, 14 Dec 2001 14:00:08 -0500




This would be possible only if you have no routers. The MAC address only identifies the immediate source of the packet, which is the router if it is a switched network.

The only way that you could handle this on a multi-subnet network is to create ACLs for the routers based on MAC address. The routers would not accept ARPs for those MAC addresses, so there would be no routing.

If you do have only a single subnet for these laptops and it connects directly to the firewall, then you could have a scavenger process that periodically checks the ARP table for these MAC addresses and uses the arp -d command to drop them and generate a ban rule for the IP which is connected to the MAC address. This would deter most abuse because the user would have to use a new IP every few seconds to continue the connection. This would work with practically any firewall.

This type of thing could also be used as a DoS against you, so be careful.



Bill Royds
System Administrator, CHIN
ph: (819) 994-1200 X 239





"B. Scott Harroff" <Scott.Harroff () att net>
12/13/01 02:10 PM

To: firewall-wizards () nfr com
cc:
Subject: [fw-wiz] Blocking at firewall via MAC address


A business partner has a security requirement that only pre-identified and approved laptops (identified by MAC address acting as a physical token) can access a network behind a firewall. Identification and blocking by IP address alone is not acceptable as it could be too easily changed by a user to match the IP address of an approved machine.

This could be done by placing a smart switch that only allows certain MACs on certain ports to communicate with the firewall. The other (cost preferable) option would be to have the firewall block communications from all but machines with approved MAC and IP addresses.

Does anyone have a solution on how to block via MAC address with OpenBSD?

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards




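A sketch of the scavenger Bill describes, added here as an example and not code from either poster; it generalizes his banned-MAC check to the allowlist of approved MACs that the original question asks for. It assumes BSD-style `arp -an` output of the form `? (IP) at MAC on IFACE`, a constructed ARP table and a constructed allowlist, and it only prints the actions (the firewall ban rule is left as a placeholder comment because the rule syntax depends on the firewall in use). As Bill notes, this only means anything when the laptops sit on the segment directly attached to the firewall host, since MACs do not survive a router hop.

```shell
#!/bin/sh
# Scavenger sketch: compare the ARP table against an allowlist of approved
# MAC addresses and emit the actions for every entry that is not approved.

# Constructed sample of BSD-style "arp -an" output (assumed format).
SAMPLE_ARP='? (10.1.1.10) at 00:0a:95:9d:68:16 on fxp0
? (10.1.1.11) at 00:0a:95:9d:68:17 on fxp0
? (10.1.1.12) at 00:e0:18:12:34:56 on fxp0
? (10.1.1.1) at (incomplete) on fxp0'

# Constructed allowlist of approved laptop MACs, space separated, lowercase.
APPROVED='00:0a:95:9d:68:16 00:e0:18:12:34:56'

# Print "IP MAC" for every complete ARP entry whose MAC is not approved.
# $1 = text of "arp -an", $2 = space-separated approved MAC list.
unapproved_hosts() {
    printf '%s\n' "$1" | awk -v approved="$2" '
        BEGIN {
            n = split(approved, a, " ")
            for (i = 1; i <= n; i++) ok[tolower(a[i])] = 1
        }
        # Only lines shaped like: ? (IP) at MAC on IFACE; "(incomplete)" is skipped.
        $2 ~ /^\(.*\)$/ && $3 == "at" && $4 ~ /^[0-9a-fA-F:]+$/ {
            ip = substr($2, 2, length($2) - 2)
            mac = tolower($4)
            if (!(mac in ok)) print ip, mac
        }'
}

# For each unapproved host, produce the two steps Bill describes: drop the
# ARP entry (arp -d) and ban the IP currently bound to that MAC. This is a
# dry run that prints the commands; the ban rule line is a placeholder for
# whatever rule syntax the local firewall uses.
# Caveat (Bill's point): anything able to populate the ARP table can make
# this loop fire, so log every ban and rate-limit it rather than trusting it blindly.
scavenge() {
    unapproved_hosts "$1" "$2" | while read -r ip mac; do
        printf 'arp -d %s\n' "$ip"
        printf '# ban %s (unapproved MAC %s): add a block rule for this IP\n' "$ip" "$mac"
    done
}

scavenge "$SAMPLE_ARP" "$APPROVED"
```

Run it from cron every few seconds with `arp -an` output substituted for the constructed sample, and pipe the result to `sh` only once the printed actions look right.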

