How do you keep users from stealing other user's ip??
Eygene Ryabinkin
rea-fbsd at rea.mbslab.kiae.ru
Fri Mar 24 10:49:02 UTC 2006
> To prevent users from MAC-spoofing - buy a switch with some kind of
> "port-security". If you could lock down a port to just one MAC and have a
> static ARP on the router it would be pretty hard to spoof the MAC-address. With
> another MAC than the one associated with the port you simply will not be able
> to talk to anyone.
No-no-no, it is _very_ easy to spoof MAC address. For FreeBSD it is just
'ifconfig em0 link 00:11:22:33:44:55'. Almost the same for Linux and
pretty easy for Windows. Port security would not prevent MAC spoofing --
you can not rely on the MAC provided by computer since it is easy to
determine one for the 'trusted' machine and set yours to that.
--
Eygene
More information about the freebsd-net
mailing list