Vulnerability Development mailing list archives

Re: spoofing the ethernet address


From: sarnold () WILLAMETTE EDU (Seth R Arnold)
Date: Sun, 5 Mar 2000 19:38:14 -0800


* Pauli Ojanpera <pauli_ojanpera () HOTMAIL COM> [000305 19:32]:
> I'm not an expert in this field (in any way) but...
>
> What do you think, would it be possible, feasible or just nice
> to apply some kind of a public key authentication to the
> hardware addresses so that the address would be the 'challenge'
> I don't know if that is the right word even.

My initial thoughts say this idea would work for internal systems that
required this level of security, but would probably be cumbersome,
annoying, or impractical for use on internetworks.

Such a challenge and response would likely need to be built into the
application layer, which, to my way of thinking, shouldn't need to know
about the lower layers.

There is also a bit of a problem with proxy devices -- the security
needs of many organizations would have *all* access hidden behind a
proxy -- should such a proxy strip out the old MAC information and
replace it with its own or should it pass the traffic unaffected?

I think your idea has merit, but perhaps the uses for it would need to
be narrowed considerably.

$0.02, IMHO, etc. :)

--
Seth Arnold | http://www.willamette.edu/~sarnold/
Hate spam? See http://maps.vix.com/rbl/ for help


