Date: Wed, 14 Jan 2009 11:05:49 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: John Conover <conover@rahul.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: Knowledge of MAC addresses a security issue?
Message-ID: <496DC70D.90401@infracaninophile.co.uk>
In-Reply-To: <20090114095622.19284.qmail@rahul.net>
References: <20090114095622.19284.qmail@rahul.net>

John Conover wrote:
| Does knowledge of the internal MAC addresses on a network, (including
| the routers,) present a security issue?

In a word: yes. With caveats.

An attacker with knowledge of the MAC addresses of your equipment *and* access to the same Layer 2 network where that kit is installed can mount easy denial of service or man-in-the-middle type attacks against those servers.

Of course, if the attacker has access to the L2 network segment, then it's pretty easy for them to discover MAC addresses just from passing traffic or the ARP cache of whatever device they've compromised. Protecting MAC addresses at that level is basically impossible.

Or in other words, don't worry too much about trying to hide MAC addresses inside your network -- it's far more important to ensure that the equipment on that same network segment is *all* locked down well. Any easy targets on a network can act as staging posts through which to mount attacks against the more interesting machines.

If the attacker doesn't have access to that L2 network, then their knowing what the MAC addresses are will actually identify equipment manufacturers and possibly even specific hardware variants, which could be invaluable to them in developing an attack. MAC addresses are a somewhat unusual means of doing this sort of reconnaissance, since either you've basically got to have already succeeded in breaking in, or you have to mount a social engineering attack against the sort of technically adept people that know what a MAC address is in order to get hold of them.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
Flat 3 ~ 7 Priory Courtyard
PGP: http://www.infracaninophile.co.uk/pgpkey
Ramsgate ~ Kent, CT11 9PW, UK

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?496DC70D.90401>
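
An added example, not part of the original message: a Python sketch of the defender's view of the Layer 2 point above, comparing two FreeBSD `arp -an` snapshots and flagging IPs whose MAC changed, MACs that answer for several IPs, and addresses with the locally-administered bit set (so the prefix names no manufacturer). The snapshot lines and addresses are constructed, and the names `parse_arp` and `audit` are hypothetical.

```python
import re
from collections import defaultdict

# Matches the "(ip) at mac on ifname" part of a FreeBSD `arp -an` line.
ARP_LINE = re.compile(
    r"\((?P<ip>[0-9.]+)\) at (?P<mac>(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}) on \S+",
    re.I)

def parse_arp(text):
    """Return {ip: mac}; '(incomplete)' entries do not match and are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:  # normalise to lower-case, zero-padded octets
            mac = ":".join(f"{int(o, 16):02x}" for o in m["mac"].split(":"))
            table[m["ip"]] = mac
    return table

def audit(before, after):
    """Compare two {ip: mac} tables and list entries worth a closer look."""
    findings = []
    for ip, mac in sorted(after.items()):
        if ip in before and before[ip] != mac:
            findings.append(("changed", ip, before[ip], mac))
        if int(mac[:2], 16) & 0x02:  # U/L bit: not a vendor-assigned address
            findings.append(("locally-administered", ip, mac))
    owners = defaultdict(list)
    for ip, mac in after.items():
        owners[mac].append(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:  # one MAC answering for several IPs
            findings.append(("shared", mac, sorted(ips)))
    return findings

# Constructed snapshots (documentation addresses, not real hosts).
BEFORE = """\
? (192.0.2.1) at 00:00:5e:00:53:01 on em0 expires in 1180 seconds [ethernet]
? (192.0.2.10) at 00:00:5e:00:53:0a on em0 permanent [ethernet]
? (192.0.2.20) at (incomplete) on em0 expired [ethernet]
"""
AFTER = """\
? (192.0.2.1) at 02:00:5e:00:53:99 on em0 expires in 1200 seconds [ethernet]
? (192.0.2.10) at 00:00:5e:00:53:0a on em0 permanent [ethernet]
? (192.0.2.30) at 02:00:5e:00:53:99 on em0 expires in 1195 seconds [ethernet]
"""

if __name__ == "__main__":
    for finding in audit(parse_arp(BEFORE), parse_arp(AFTER)):
        print(finding)
```

A changed or shared entry is a lead to investigate rather than proof of tampering: failover pairs, routers doing proxy ARP and replaced hardware produce the same pattern.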