Date: Fri, 24 Mar 2006 13:48:59 +0300 From: Eygene Ryabinkin <rea-fbsd@rea.mbslab.kiae.ru> To: Jon Otterholm <jon.otterholm@ide.resurscentrum.se> Cc: freebsd-net@freebsd.org Subject: Re: How do you keep users from stealing other user's ip?? Message-ID: <20060324104859.GA10570@rea.mbslab.kiae.ru> In-Reply-To: <4423CBD5.2040208@ide.resurscentrum.se> References: <20060324060140.86793.qmail@web51615.mail.yahoo.com> <4423BE70.2010807@wm-access.no> <4423CBD5.2040208@ide.resurscentrum.se>
next in thread | previous in thread | raw e-mail | index | archive | help
> To prevent users from MAC-spoofing - buy a switch with some kind of > "port-security". If you could lock down a port to just one MAC and have a > static ARP on the router it would be pretty hard to spoof the MAC-address. With > another MAC than the one associated with the port you simply will not be able > to talk to anyone. No-no-no, it is _very_ easy to spoof MAC address. For FreeBSD it is just 'ifconfig em0 link 00:11:22:33:44:55'. Almost the same for Linux and pretty easy for Windows. Port security would not prevent MAC spoofing -- you can not rely on the MAC provided by computer since it is easy to determine one for the 'trusted' machine and set yours to that. -- Eygene
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060324104859.GA10570>