Date:      Wed, 14 Jan 2009 11:05:49 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        John Conover <conover@rahul.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Knowledge of MAC addresses a security issue?
Message-ID:  <496DC70D.90401@infracaninophile.co.uk>
In-Reply-To: <20090114095622.19284.qmail@rahul.net>
References:  <20090114095622.19284.qmail@rahul.net>


John Conover wrote:
| Does knowledge of the internal MAC addresses on a network, (including
| the routers,) present a security issue?

In a word: yes. With caveats.

An attacker with knowledge of the MAC addresses of your equipment *and*
access to the same Layer 2 network where that kit is installed can mount
easy denial of service or man-in-the-middle type attacks against those
servers.

Of course, if the attacker has access to the L2 network segment, then it's
pretty easy for them to discover MAC addresses just from passing traffic
or the ARP cache of whatever device they've compromised.  Protecting MAC
addresses at that level is basically impossible.  Or in other words, don't
worry too much about trying to hide MAC addresses inside your network --
it's far more important to ensure that the equipment on that same network
segment is *all* locked down well.  Any easy targets on a network can act
as staging posts through which to mount attacks against the more
interesting machines.

If the attacker doesn't have access to that L2 network, then their knowing
what the MAC addresses are will actually identify equipment manufacturers
and possibly even specific hardware variants, which could be invaluable to
them in developing an attack.  MAC addresses are a somewhat unusual means
of doing this sort of reconnaissance, since either you've basically got to
have already succeeded in breaking in, or you have to mount a social
engineering attack against the sort of technically adept people that know
what a MAC address is in order to get hold of them.

	Cheers,

	Matthew

- --
Dr Matthew J Seaman MA, D.Phil.                       Flat 3
~                                                      7 Priory Courtyard
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
~                                                      Kent, CT11 9PW, UK
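
The message above notes that MAC addresses known outside the L2 segment can identify equipment manufacturers. The following is an added example, not part of the original e-mail: one way to pseudonymize MAC addresses in output before sharing it outside the network. The function names, the key handling and the sample lines are assumptions; the sample uses constructed addresses from the RFC 7042 documentation range.

```python
import hashlib
import hmac
import re
import secrets

# Textual MAC forms handled here: 00:11:22:aa:bb:cc, 00-11-22-AA-BB-CC and
# the dotted form 0011.22aa.bbcc. The lookarounds stop a match inside a
# longer run of hex groups (for example an IPv6 address or an EUI-64).
MAC_RE = re.compile(
    r"(?<![0-9A-Fa-f])(?<![0-9A-Fa-f][:-])(?:"
    r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}"
    r"|[0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5}"
    r"|[0-9A-Fa-f]{4}(?:\.[0-9A-Fa-f]{4}){2}"
    r")(?![0-9A-Fa-f]|[:-][0-9A-Fa-f])"
)

def pseudonymize_mac(mac: str, key: bytes) -> str:
    """Map a MAC to a stable pseudonym that carries no vendor prefix (OUI)."""
    canonical = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    digest = hmac.new(key, bytes.fromhex(canonical), hashlib.sha256).digest()
    octets = bytearray(digest[:6])
    # Set the locally-administered bit and clear the multicast bit, so the
    # result is visibly not a vendor-assigned address.
    octets[0] = (octets[0] | 0x02) & 0xFE
    return ":".join(f"{b:02x}" for b in octets)

def scrub(text: str, key: bytes) -> str:
    """Replace every MAC in text; the same MAC always gets the same pseudonym
    under one key, so the scrubbed lines can still be correlated."""
    return MAC_RE.sub(lambda m: pseudonymize_mac(m.group(0), key), text)

# Constructed sample lines (not real output); addresses are from the
# RFC 7042 documentation range 00-00-5E-00-53-xx.
SAMPLE = """\
? (192.0.2.1) at 00:00:5e:00:53:01 on em0 expires in 1187 seconds [ethernet]
host-a link address 00-00-5E-00-53-01 seen on em0
switch port 3 learned 0000.5e00.53af vlan 10
"""

if __name__ == "__main__":
    # Keep the key private: anyone holding it can test guessed MACs
    # against the pseudonyms.
    print(scrub(SAMPLE, secrets.token_bytes(32)), end="")
```
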