RE: MAC Authentication device

["Mike" <mike () superiorholidayadventures ca>]

One last thing that hit me as I was grabbing a coffee:

4.  Configure your servers to only accept connections from specified
IP's.  If they're Linux servers you could also use IPTables to only
accept specified IP's *and* MAC combinations.

Mike Fetherston

> -----Original Message-----
> From: Joann Jane [mailto:aladin168 () hotmail com]
> Sent: Wednesday, November 19, 2003 8:26 PM
> To: Mike
> Subject: RE: MAC Authentication device
>
> The consultants will be on-site, and my client want to be able to
control
> them by giving them a PCMCIA Network Card.
>
> We don't even allow wireless cards, these will be wired network cards.
>
> Any idea on how to ONLY allow authorized people to get on the network?
> Problem is that we can't control who can get on because whoever plug
into
> the jack can assign themselves an IP, which is mainly our concern.
>
> Thanks so much.
>
> MAC Spoofing, I know it can be done with SMAC,
> http://www.klcconsulting.net/smac right?
>
>
>
> > From: "Mike" <mike () superiorholidayadventures ca>
> > To: "aladin168" <aladin168 () hotmail com>,<security-
> basics () securityfocus com>
> > Subject: RE: MAC Authentication device
> > Date: Wed, 19 Nov 2003 15:03:39 -0500
> >
> > If you're trying to stop rogue devices from accessing your network
you
> > could configure your DHCP server to only hand out IP addresses to
MACs
> > that are in your access list.
> >
> > What kind of DHCP server are you using?
> >
> > Beware that MAC's can be spoofed.
> >
> > Mike Fetherston
> >
> > > -----Original Message-----
> > > From: aladin168 [mailto:aladin168 () hotmail com]
> > > Sent: Tuesday, November 18, 2003 4:54 PM
> > > To: security-basics () securityfocus com
> > > Subject: MAC Authentication device
> > >
> > >
> > >
> > > Hi,
> > >
> > >
> > >
> > > Can anyone recommend a device that will do MAC Address
Authentication
> > > before allowing a user/computer to connect to the network.  This
is
> > > different then MAC Address filtering, which allow or disallow
access
> > to
> > > the Internet for the the systems that are already on the network.
> > >
> > >
> > >
> > > I am trying to find a cheap device that will help me control
> > non-employees
> > > accessing our trusted network.
> > >
> > >
> > >
> > > Thanks,
> > >
> > > /Kyle
>
> -----------------------------------------------------------------------
-
> > --
> > > -
>
> -----------------------------------------------------------------------
-
> > --
> > > --
>
> _________________________________________________________________
> Groove on the latest from the hot new rock groups!  Get downloads,
videos,
> and more here.
http://special.msn.com/entertainment/wiredformusic.armx


---------------------------------------------------------------------------
----------------------------------------------------------------------------