Firewall Wizards mailing list archives
Re: MAC blocking
From: Chris Byrd <cbyrd01 () gmail com>
Date: Mon, 28 Nov 2005 17:00:30 -0600
If you are avoiding 802.1x and NAC/NAP due to cost of replacing existing switches, you might consider (assuming a largely Microsoft environment) what Microsoft calls "Domain Isolation" using IPsec:

http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/default.mspx
http://www.microsoft.com/windowsserver2003/technologies/networking/ipsec/default.mspx
http://blogs.msdn.com/James_Morey/

I'd stay away from any MAC-based solution, as spoofing a MAC address is trivial.

Chris
--
www.riosec.com

On 11/25/05, Eric Appelboom <eric () mweb com> wrote:
> Hi
>
> I would like to whitelist known MAC addresses on a subnet and block\deny any new MACs. If a new MAC is seen, the firewall should not allow that MAC to pass traffic out that segment\vlan. A similar concept to MAC address locking on Wifi APs.
>
> It would be great to have this as a feature on a protected segment of a firewall.
>
> One could script a diff on files containing arp entries and then arp poison the IP associated to the new MAC (not the correct way), or spoof or bind the offending MAC with ifconfig\macmakeup\SMAC and bind to a secondary interface.
>
> Any better ideas? (no 802.1x NAC\NAP please)
>
> Regards
> Eric
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
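The "diff on files containing arp entries" idea from the quoted post, written out as a detection-only check: it parses `arp -an` style output, compares the MACs seen on the segment against an allowlist, and reports the unknown ones. This is an added example for this archive page, not code from either poster; the ARP output and allowlist below are constructed samples, and the alerting is left as plain strings so it can be wired into whatever logging the firewall host already has. It deliberately stops at reporting (no ARP poisoning or interface binding), and, per Chris's point above, a MAC allowlist is an inventory hygiene check rather than authentication, since the MAC is trivially spoofed.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample of `arp -an` output (Linux/BSD format); not captured from a real host.
SAMPLE_ARP_OUTPUT = """\
? (10.1.2.1) at 00:11:22:33:44:01 [ether] on eth1
? (10.1.2.10) at 00:11:22:33:44:0a [ether] on eth1
? (10.1.2.11) at 00:11:22:33:44:0b [ether] on eth1
? (10.1.2.99) at de:ad:be:ef:00:01 [ether] on eth1
? (10.1.2.50) at <incomplete> on eth1
"""

# Constructed allowlist file contents: one MAC per line, optional description, '#' comments.
SAMPLE_ALLOWLIST = """\
# mac               description
00:11:22:33:44:01   gateway
00:11:22:33:44:0a   fileserver
00:11:22:33:44:0b   printer
"""

# Matches the "(ip) at mac" part of an arp line; <incomplete> entries have no MAC and are skipped.
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


def normalize_mac(mac: str) -> str:
    """Lower-case the MAC so that 00:11:22:33:44:0A and 00:11:22:33:44:0a compare equal."""
    return mac.strip().lower()


def parse_arp(output: str) -> Dict[str, str]:
    """Return {mac: ip} for every complete ARP entry in the given `arp -an` output."""
    seen: Dict[str, str] = {}
    for line in output.splitlines():
        m = ARP_LINE.search(line)
        if m:
            seen[normalize_mac(m.group("mac"))] = m.group("ip")
    return seen


def parse_allowlist(text: str) -> Set[str]:
    """Return the set of allowed MACs; blank lines and '#' comments are ignored."""
    allowed: Set[str] = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            allowed.add(normalize_mac(line.split()[0]))
    return allowed


def find_unknown(arp_output: str, allowlist_text: str) -> List[Tuple[str, str]]:
    """Return sorted (mac, ip) pairs that are in the ARP table but not on the allowlist."""
    seen = parse_arp(arp_output)
    allowed = parse_allowlist(allowlist_text)
    return sorted((mac, ip) for mac, ip in seen.items() if mac not in allowed)


def format_alerts(unknown: List[Tuple[str, str]]) -> List[str]:
    """One alert line per unknown MAC, ready to hand to syslog or a mail hook."""
    return [f"ALERT unknown MAC {mac} seen at {ip}" for mac, ip in unknown]


if __name__ == "__main__":
    # With the constructed samples this reports de:ad:be:ef:00:01 at 10.1.2.99.
    for alert in format_alerts(find_unknown(SAMPLE_ARP_OUTPUT, SAMPLE_ALLOWLIST)):
        print(alert)
```

To run it against a live segment, replace the constants with the output of `arp -an` on the firewall interface and the contents of a maintained allowlist file, and schedule it from cron; the `<incomplete>` handling matters because a probe that never answered still leaves a placeholder entry in the table.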
Current thread:
- MAC blocking Eric Appelboom (Nov 28)
- Re: MAC blocking Patrick M. Hausen (Nov 28)
- Re: MAC blocking Chuck Swiger (Nov 28)
- Re: MAC blocking Patrick M. Hausen (Nov 28)
- Re: MAC blocking Chuck Swiger (Nov 28)
- Re: MAC blocking Paul D. Robertson (Nov 28)
- Re: MAC blocking Chris Byrd (Nov 28)
- Re: MAC blocking Patrick M. Hausen (Nov 28)