On Tue, 2008-05-13 at 18:45 +0200, jdd sur free wrote:
Per Jessen wrote:
jdd - very funny :-) Changing the MAC on a virtual NIC behind a NAT scheme doesn't count ...
nat is only an option, any net config have the same option. and virtual machine is exacltly seen as a normal one on the net
It's only to quote that, alas, mac filter is of little value for security. large wap key should be nice for wireless, but for eth, the man in the middle attack is quite easy
I see so many open nets, that... (I don't speak for you, of course)
jdd
-- Jean-Daniel Dodin Président du CULTe www.culte.org
You could unique vlan each port so intercommunication cannot be done without going through the gateway at which time it can be filtered. You can also use the Bridge MIB (RFC1493)(mib-2.17.4.3.1) to validate what port a MAC is on and then use some programming to monitor if it moves or changes. Most switches support this feature out of the box. There are lots of different MAC filtering techniques that can be used effectively. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org