How do you keep users from stealing other user's ip??
Duane Whitty
duane at greenmeadow.ca
Fri Mar 24 11:21:59 UTC 2006
Eygene Ryabinkin wrote:
>> To prevent users from MAC-spoofing - buy a switch with some kind of
>> "port-security". If you could lock down a port to just one MAC and have a
>> static ARP on the router it would be pretty hard to spoof the MAC-address. With
>> another MAC than the one associated with the port you simply will not be able
>> to talk to anyone.
>>
> No-no-no, it is _very_ easy to spoof MAC address. For FreeBSD it is just
> 'ifconfig em0 link 00:11:22:33:44:55'. Almost the same for Linux and
> pretty easy for Windows. Port security would not prevent MAC spoofing --
> you can not rely on the MAC provided by computer since it is easy to
> determine one for the 'trusted' machine and set yours to that.
>
I agree, no problem to spoof the MAC. But if the user does so they lock
themselves out because the port on the switch they connect to will only
talk to one MAC address, the one they were originally given.
--Duane
More information about the freebsd-net
mailing list