Firewall Wizards mailing list archives

Re: MAC blocking

From: Chris Byrd <cbyrd01 () gmail com>
Date: Mon, 28 Nov 2005 17:00:30 -0600

If you are avoiding 802.1x and NAC/NAP due to cost of replacing
existing switches, you might consider (assuming a largely Microsoft
environment) what Microsoft calls "Domain Isolation" using IPsec:
http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/default.mspx
http://www.microsoft.com/windowsserver2003/technologies/networking/ipsec/default.mspx
http://blogs.msdn.com/James_Morey/

I'd stay away from any MAC based solution, as spoofing a MAC address is trivial.

Chris
--
www.riosec.com

On 11/25/05, Eric Appelboom <eric () mweb com> wrote:
Hi

I would like to whitelist known MAC addresses on a subnet and block\deny
any new MACs.
If a new MAC is seen by the firewall, it should not allow that MAC to pass
traffic out that segment\vlan.
A similar concept to MAC address locking on Wifi APs.

It would be great to have this as a feature on a protected segment of a
firewall.

One could script a diff on files containing arp entries and then arp
poison the IP associated with the new MAC (not the correct way), or spoof
or bind the offending MAC with ifconfig\macmakeup\SMAC and bind it to a
secondary interface.

Any better ideas?   (no 802.1x NAC\NAP please)

Regards
Eric
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
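The "diff on files containing arp entries" idea Eric sketches above, as an added detection-only example that is not from the original thread: it parses ARP table output, flags MACs missing from a whitelist, and reports MACs new since the last snapshot. The ARP lines and whitelist are constructed; as Chris notes, a spoofed MAC that matches a whitelisted one passes unnoticed, so this is an alerting aid, not enforcement.

```python
import re
from typing import Dict, Set

# Constructed sample ARP output (Linux/BSD `arp -an` and Windows `arp -a`
# styles mixed); not taken from the original thread.
ARP_SNAPSHOT = """\
? (192.168.10.1) at 00:11:22:33:44:55 [ether] on eth1
? (192.168.10.20) at 00:11:22:33:44:66 [ether] on eth1
? (192.168.10.99) at de:ad:be:ef:00:01 [ether] on eth1
? (192.168.10.50) at <incomplete> on eth1
  192.168.10.77          00-11-22-33-44-88     dynamic
"""

# Constructed whitelist of MACs allowed on the protected segment (hypothetical values).
WHITELIST: Set[str] = {"00:11:22:33:44:55", "00-11-22-33-44-66", "00:11:22:33:44:88"}

# Matches an IPv4 address followed (after non-digit filler) by a MAC in
# either aa:bb:cc:dd:ee:ff or AA-BB-CC-DD-EE-FF form; "<incomplete>" rows never match.
_ENTRY_RE = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\D+?(?P<mac>(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

def norm_mac(mac: str) -> str:
    """Normalise 'AA-BB-..' / 'aa:bb:..' to lowercase colon form so comparisons are exact."""
    return mac.lower().replace("-", ":")

def parse_arp(text: str) -> Dict[str, str]:
    """Return {mac: ip} for every complete ARP entry; incomplete rows are skipped."""
    entries: Dict[str, str] = {}
    for line in text.splitlines():
        m = _ENTRY_RE.search(line)
        if m:
            entries[norm_mac(m.group("mac"))] = m.group("ip")
    return entries

def unknown_macs(entries: Dict[str, str], whitelist: Set[str]) -> Dict[str, str]:
    """MACs seen on the segment that are not on the whitelist (detection only)."""
    allowed = {norm_mac(m) for m in whitelist}
    return {mac: ip for mac, ip in entries.items() if mac not in allowed}

def new_since(previous: Dict[str, str], current: Dict[str, str]) -> Set[str]:
    """The snapshot diff: MACs present now that were absent from the last snapshot."""
    return set(current) - set(previous)

if __name__ == "__main__":
    seen = parse_arp(ARP_SNAPSHOT)
    for mac, ip in unknown_macs(seen, WHITELIST).items():
        print(f"ALERT: unlisted MAC {mac} seen at {ip}")
```

Run it periodically against fresh `arp -an` output and feed the alerts to whatever already watches the segment; the snapshot comparison catches churn even among whitelisted addresses.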
