Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Blocking MSN (and any other service for that matter)

From: MHawkins () TULLIB COM
Date: Fri, 23 Apr 2004 08:53:00 -0400
So what if  someone has a changeable MAC NIC?

Step 1: Break through physical access and get yourself a Ethernet port to
connect to.
Step 2: Attempt to connect. Ethernet port shuts down almost as soon as you
connected.
Step 3: Since you are very technically competent you recognize the
possibility that MAC level security is in place.
Step 4: You conclude it will be far easier to steal time at a host that is
already within the network rather than attempt to guess a valid MAC address.

Mike H
-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Chuck
Vose
Sent: Friday, April 23, 2004 12:58 AM
Cc: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] Blocking MSN (and any other service for that
matter)



Ahh.. this makes me think of 802.1Q. I have not seen it actually deployed 
anywhere however... Authentication based Virtual VLAN's would fit nicely 
here.


Indeed, it makes me wonder why people don't use VLAN by mac very often,
seems like it would be a good fit for lots of situations. But I guess
the whole changeable mac address thing could cause lots of problems. 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: