mac address firewall?

Hi,

Is there any firewall that can specify mac address in addition to IP address in the source/destination? Thanks.

-- Regards, Johnny

Reply to
Johnny Yan

What do you want to achieve?

Yours, VB.

Reply to
Volker Birk

Yes.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

IP address can be easily spoofed, but mac address is harder to spoof. For example, we only want a particular machine to be able to ftp to/from the Internet, but do not want someone unplugging the particular machine from the network, and setting up his PC with that IP address, and ftp to the Internet.

-- Regards, Johnny.

Reply to
Johnny Yan

Thanks, do you have the brand and model number? I prefer a hardware firewall.

-- Regards, Johnny.

Reply to
Johnny Yan

This is an error. It's as easy to spoof MAC addresses as it is to spoof IP addresses.

Yours, VB.

Reply to
Volker Birk

Any host you plan to filter via MAC address would have to be in the same broadcast domain as the internal firewall port (same subnet). Else the MAC address will be that of the router which is. You may want to look at an FTP proxy to which the privileged internal host must authenticate.

Reply to
columbotrek

Netfilter (the packet filter of the Linux kernel) can do that. However, as Volker already told you, if you believe that MAC addresses are any harder to spoof than IP-Addresses you are mistaken.

Virtually every firewall is implemented in software.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers
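The Netfilter MAC match mentioned above, together with the same-broadcast-domain limit from the earlier reply, as an added example that is not part of the original thread. The interface name, IP address, MAC address and function names are constructed for illustration, and the script only prints the rules; as the replies point out, both the IP and the MAC are set by the sender, so the pairing narrows who matches but does not authenticate anyone.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that pin outbound FTP
# to one IP+MAC pair. All addresses below are constructed samples.

# Return 0 if $1 is a colon-separated 48-bit MAC address.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# ftp_mac_rules LAN_IF HOST_IP HOST_MAC
# Emits rules for the FORWARD chain. The mac match looks at the source
# address of the Ethernet frame as it arrives, so it is usable only in
# PREROUTING/INPUT/FORWARD and only for hosts on the segment directly
# attached to LAN_IF; behind a router, every frame carries the
# router's MAC instead of the host's.
# FTP data connections additionally need the conntrack FTP helper
# (not shown here) to be classified as RELATED.
ftp_mac_rules() {
    lan_if=$1
    ip=$2
    mac=$3
    valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    cat <<EOF
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan_if -s $ip -m mac --mac-source $mac -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $lan_if -p tcp --dport 21 -j DROP
EOF
}

# Dry run with constructed values; review the output before applying.
ftp_mac_rules eth1 192.0.2.10 02:00:00:00:00:0a
```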

If it's so easy then why do some virus writers get caught when they are stupid enough to upload the virus from their own PC?

Reply to
Garrot

This has nothing to do with MAC addresses.

Yours, VB.

Reply to
Volker Birk

Actually it is easier. My domestic D-Link firewall/router has an option to clone a MAC address - identify itself as someone else. Takes less than one minute to set up. Many ADSL services are specific to a MAC address, so when you change hardware you do not have to reconfigure your account.

It would take some work to figure out which MAC address to clone, but that is a separate issue.

Reply to
Stuart Miller

Johnny Yan wrote:
: IP address can be easily spoofed, but mac address is harder to spoof. For
: example, we only want a particular machine to be able to ftp to/from the
: Internet, but do not want someone unplugging the particular machine from the
: network, and setting up his PC with that IP address, and ftp to the
: Internet.

Both IP address and MAC address can be spoofed. Try rather implementing an 802.1x based solution. Most managed switches of today support it and you'll also need some RADIUS server and certificates. A bit more complicated, but much more secure.

Lars

Reply to
larstr

Yes. Download free Sygate v5.5 b 2710 [link] and also on [link]

Reply to
Casey

This is a lousy host-based packet filter, not a firewall.

Reply to
Sebastian Gottschalk

Ummm, is this supposed to be a trick question?

Old guy

Reply to
Moe Trin

You should not use it then!!

Reply to
Casey

And you should not recommend it. Someone might take your advice seriously, then mess up his computer with this craptastic software, opening certain remote security vulnerabilities in the first place.

Anyway, it should be obvious and has been discussed here that MAC addresses are pretty useless as identification criteria.

Reply to
Sebastian Gottschalk

Nobody should use it, as it has serious design flaws.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

I remember a case some years back where the virus writer was traced to his PC in his home via the IP and MAC address. I believe it was in the Philippines. Just saying if it is so easy to do why was he caught?

Add Microsoft's new $250,000 bounty into the mix and at first glance, you'd think we're right on track. Not a chance! There are simply too many ways to be anonymous on the Internet, and more so today than ever before. You don't even need to spoof IP addresses these days; there are too many ways to have perfect stealth. Imagine you're a virus writer and need a launchpad for your evil work. Just start with an untraceable MAC address on a borrowed IP address, linked into a wireless router down the street which has access logging disabled, and then you tunnel through countless proxies and compromised zombies until you reach the desired launch point. Someone who does not wish to be caught (and knows what they're doing), cannot be caught. With wireless, it becomes a physical battle between a million victims and one guy walking down the street.

Reply to
Garrot

Then tell them what to use. I just use the XP firewall and a router. That's good enough for me.

Reply to
Garrot
