Firewall Wizards mailing list archives
Re: Blocking at firewall via MAC address
From: "B. Scott Harroff" <Scott.Harroff () att net>
Date: Fri, 14 Dec 2001 13:20:55 -0500
Wizards,

My apologies for not being more specific.

Users at the partner network will have access to a room with a single switch which is directly connected to the hostile interface of the firewall (F1) in a secured area. The other interface of F1 fire is connected to a router via an x-over cable. F1 is building an IPSEC tunnel for certain inbound IPs on the hub/switch across a network into another firewall F2 which is further controlling access into another trusted network. There is no router between the laptops and F1. F1 will see the laptops' MAC.

I fully understand that MAC addresses can be changed or faked by any technical users. The partner's purpose is not to create an environment where it becomes physically impossible to have a non-authorized machine talk through the firewall (if someone can fake both the MAC and IP correctly). It's merely to add another security layer (another hurdle) which is challenging to overcome.

Consider this: If you have the ability to change the MAC address, you still have to know what the correct MAC address is you need to fake - which will not be public information. Also, that MAC will have to correspond to a certain predetermined IP, another bit of non-public information. The combination of the two creates a relatively cheap, challenging hurdle.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
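The IP-to-MAC pairing described in the message above can also be audited after the fact. The following is an added example, not part of the original post: it assumes the firewall's neighbour table is available in the Linux `ip neigh` text format, and the addresses, the interface name `eth1` and the allowlist are all constructed for illustration.

```python
import re

# Constructed allowlist: each authorized laptop is one fixed (IP, MAC) pair.
ALLOWED = {
    "192.0.2.11": "00:00:5e:00:53:0a",
    "192.0.2.12": "00:00:5e:00:53:0b",
}

# Constructed neighbour-table lines in the style of Linux `ip neigh` output.
SAMPLE = """\
192.0.2.11 dev eth1 lladdr 00:00:5e:00:53:0a REACHABLE
192.0.2.12 dev eth1 lladdr 00:00:5E:00:53:0C STALE
192.0.2.13 dev eth1 lladdr 00:00:5e:00:53:0b REACHABLE
192.0.2.14 dev eth1 lladdr 00:00:5e:00:53:7f DELAY
192.0.2.15 dev eth1  FAILED
"""

LINE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9A-Fa-f:]{17}) (\S+)$")

def audit(neigh_text, allowed=ALLOWED, iface="eth1"):
    """Return (ip, mac, verdict) for every resolved neighbour on iface."""
    mac_to_ip = {mac.lower(): ip for ip, mac in allowed.items()}
    findings = []
    for line in neigh_text.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(2) != iface:
            continue  # unresolved entry (no lladdr) or a different interface
        ip, mac = m.group(1), m.group(3).lower()
        if allowed.get(ip, "").lower() == mac:
            verdict = "ok"
        elif ip in allowed:
            verdict = "authorized IP, wrong MAC"
        elif mac in mac_to_ip:
            verdict = "authorized MAC, wrong IP"
        else:
            verdict = "unknown host"
        findings.append((ip, mac, verdict))
    return findings

if __name__ == "__main__":
    for ip, mac, verdict in audit(SAMPLE):
        print(f"{ip:<12} {mac}  {verdict}")
```

A host that presents a correct pair is reported as "ok" regardless of which physical machine sent the frames, which is the limit the message itself acknowledges.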