mac address firewall?

on 03.10.2006 16:57:34 by Johnny Yan

Hi,

Is there any firewall that can specify mac address in addition to IP address
in the source/destination? Thanks.

--
Regards,
Johnny

Re: mac address firewall?

on 03.10.2006 17:11:23 by Volker Birk

Johnny Yan wrote:
> Is there any firewall that can specify mac address in addition to IP address
> in the source/destination? Thanks.

What do you want to achieve?

Yours,
VB.
--
Much worse than the implementation of PHP, however, is its design.

Rudolf Polzer in de.comp.security.misc

Re: mac address firewall?

on 03.10.2006 17:46:29 by Ansgar -59cobalt- Wiechers

Johnny Yan wrote:
> Is there any firewall that can specify mac address in addition to IP
> address in the source/destination?

Yes.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: mac address firewall?

on 03.10.2006 21:47:42 by Johnny Yan

"Volker Birk" wrote in message
news:45227d9b@news.uni-ulm.de...
> Johnny Yan wrote:
> > Is there any firewall that can specify mac address in addition to IP address
> > in the source/destination? Thanks.
>
> What do you want to achieve?
>
> Yours,
> VB.
> --
> Much worse than the implementation of PHP, however, is its design.
>
> Rudolf Polzer in de.comp.security.misc

IP address can be easily spoofed, but mac address is harder to spoof. For
example, we only want a particular machine to be able to ftp to/from the
Internet, but do not want someone unplugging the particular machine from the
network, and setting up his PC with that IP address, and ftp to the
Internet.

--
Regards,
Johnny.

Re: mac address firewall?

on 03.10.2006 21:49:12 by Johnny Yan

"Ansgar -59cobalt- Wiechers" wrote in message
news:4ofeulFcsb4mU1@individual.net...
> Johnny Yan wrote:
> > Is there any firewall that can specify mac address in addition to IP
> > address in the source/destination?
>
> Yes.
>
> cu
> 59cobalt
> --
> "If a software developer ever believes a rootkit is a necessary part of
> their architecture they should go back and re-architect their solution."
> --Mark Russinovich

Thanks, do you have the brand and model number? I prefer a hardware
firewall.

--
Regards,
Johnny.

Re: mac address firewall?

on 03.10.2006 21:53:16 by Volker Birk

Johnny Yan wrote:
> IP address can be easily spoofed, but mac address is harder to spoof.

This is an error. It's as easy to spoof MAC addresses as it is to spoof
IP addresses.

Yours,
VB.
--
Much worse than the implementation of PHP, however, is its design.

Rudolf Polzer in de.comp.security.misc

Re: mac address firewall?

on 03.10.2006 22:38:22 by columbotrek

Johnny Yan wrote:
> Hi,
>
> Is there any firewall that can specify mac address in addition to IP address
> in the source/destination? Thanks.
>
> --
> Regards,
> Johnny
>
>
Any host you plan to filter via mac address would have to be in the same
broadcast domain as the internal firewall port. (same subnet) Else
the mac address will be that of the router which is. You may want to
look at an FTP proxy to which the privileged internal host must
authenticate to.

Re: mac address firewall?

on 03.10.2006 23:31:57 by Ansgar -59cobalt- Wiechers

Johnny Yan wrote:
> "Ansgar -59cobalt- Wiechers"
>> Johnny Yan wrote:
>>> Is there any firewall that can specify mac address in addition to IP
>>> address in the source/destination?
>>
>> Yes.
>
> Thanks, do you have the brand and model number?

Netfilter (the packet filter of the Linux kernel) can do that. However,
as Volker already told you, if you believe that MAC addresses are any
harder to spoof than IP-Addresses you are mistaken.

> I prefer a hardware firewall.

Virtually every firewall is implemented in software.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
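
Added example, not part of any post in this thread: a small Python model of a filter that matches source MAC and source IP together, run over constructed Ethernet/IPv4 frames for the cases raised above (IP reused, IP and MAC both copied, allowed host behind a router). All addresses and function names are assumptions made for the illustration.

```python
import ipaddress
import struct

# Constructed policy: the one host allowed out (documentation-range values).
ALLOWED_IP = "192.0.2.10"
ALLOWED_MAC = "00:16:3e:00:00:10"

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def build_frame(src_mac, src_ip, dst_ip="198.51.100.21",
                dst_mac="00:16:3e:00:00:01"):
    """Build a minimal Ethernet II + IPv4 header (constructed sample input)."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800)
    # version/IHL, TOS, length, id, frag, TTL, proto=TCP, checksum left at 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip

def parse_source(frame):
    """Return (source MAC, source IP) as a filter on this segment sees them."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an Ethernet II frame carrying IPv4")
    src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
    src_ip = str(ipaddress.IPv4Address(frame[26:30]))  # IP header offset 12
    return src_mac, src_ip

def verdict(frame):
    """ACCEPT only when both the source MAC and the source IP match."""
    return "ACCEPT" if parse_source(frame) == (ALLOWED_MAC, ALLOWED_IP) else "DROP"

CASES = {
    "legitimate host": build_frame(ALLOWED_MAC, ALLOWED_IP),
    # Different NIC, same IP: the MAC match catches this.
    "other PC reusing the IP": build_frame("00:16:3e:00:00:99", ALLOWED_IP),
    # Both values copied: byte-identical to the legitimate frame.
    "other PC with IP and MAC copied": build_frame(ALLOWED_MAC, ALLOWED_IP),
    # One hop away: the frame carries the router's MAC, not the host's.
    "allowed host behind a router": build_frame("00:16:3e:00:00:fe", ALLOWED_IP),
}

def run_cases():
    return {name: verdict(frame) for name, frame in CASES.items()}

if __name__ == "__main__":
    for name, result in run_cases().items():
        print(f"{name:34s} {result}")
```

The third case is the reason the replies point to authentication (an FTP proxy, 802.1X) instead: the filter only compares header fields the sender sets.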

Re: mac address firewall?

on 04.10.2006 05:25:49 by Robert Lambe

On 3 Oct 2006 21:53:16 +0200, Volker Birk wrote:


> This is an error. It's as easy to spoof MAC addresses as it is to spoof
> IP addresses.

If it's so easy then why do some virus writers get caught when they are
stupid enough to upload the virus from their own PC?

Re: mac address firewall?

on 04.10.2006 07:17:53 by Volker Birk

Garrot wrote:
> On 3 Oct 2006 21:53:16 +0200, Volker Birk wrote:
> > This is an error. It's as easy to spoof MAC addresses as it is to spoof
> > IP addresses.
> If it's so easy then why do some virus writers get caught when they are
> stupid enough to upload the virus from their own PC?

This has nothing to do with MAC addresses.

Yours,
VB.
--
Much worse than the implementation of PHP, however, is its design.

Rudolf Polzer in de.comp.security.misc

Re: mac address firewall?

on 04.10.2006 07:34:03 by Stuart Miller

"Volker Birk" wrote in message
news:4522bfac@news.uni-ulm.de...
> Johnny Yan wrote:
>> IP address can be easily spoofed, but mac address is harder to spoof.
>
> This is an error. It's as easy to spoof MAC addresses as it is to spoof
> IP addresses.
>
> Yours,
> VB.

Actually it is easier.
My domestic d-link firewall/router has an option to clone a MAC address -
identify itself as someone else. Takes less than one minute to set up. Many
ADSL services are specific to a MAC address, so when you change hardware you
do not have to reconfigure your account.

It would take some work to figure out which MAC address to clone, but that
is a separate issue.

Re: mac address firewall?

on 04.10.2006 10:16:36 by larstr

Johnny Yan wrote:
: IP address can be easily spoofed, but mac address is harder to spoof. For
: example, we only want a particular machine to be able to ftp to/from the
: Internet, but do not want someone unplugging the particular machine from the
: network, and setting up his PC with that IP address, and ftp to the
: Internet.

Both ip address and mac address can be spoofed. Try rather implementing
an 802.1x-based solution. Most managed switches of today support it and
you'll also need some Radius server and certificates. A bit more
complicated, but much more secure.

Lars

Re: mac address firewall?

on 04.10.2006 20:07:41 by unknown

Post removed (X-No-Archive: yes)

Re: mac address firewall?

on 04.10.2006 21:01:02 by unknown

Post removed (X-No-Archive: yes)

Re: mac address firewall?

on 04.10.2006 21:59:44 by ibuprofin

On Wed, 04 Oct 2006, in the Usenet newsgroup comp.security.firewalls, in article
<1bjtd21ggecto.1resjcpvqaj6b.dlg@40tude.net>, Garrot wrote:

>On 3 Oct 2006 21:53:16 +0200, Volker Birk wrote:
>
>> This is an error. It's as easy to spoof MAC addresses as it is to spoof
>> IP addresses.
>
>If it's so easy then why do some virus writers get caught when they are
                                                                ^^^^^^^^
>stupid enough to upload the virus from their own PC?
 ^^^^^^^^^^^^^

Ummm, is this supposed to be a trick question?

Old guy

Re: mac address firewall?

on 05.10.2006 00:01:49 by unknown

Post removed (X-No-Archive: yes)

Re: mac address firewall?

on 05.10.2006 00:22:06 by unknown

Post removed (X-No-Archive: yes)

Re: mac address firewall?

on 05.10.2006 02:23:09 by Ansgar -59cobalt- Wiechers

Casey wrote:
> In article <4oieofFen352U1@news.dfncis.de>, seppi@seppig.de says...
>> Casey wrote:
>>>> Is there any firewall that can specify mac address in addition to IP
>>>> address in the source/destination? Thanks.
>>>
>>> Yes Download free Sygate v5.5 b 2710
>>
>> This is a lousy host-based packet filter, not a firewall.
>
> You should not use it then!!

Nobody should use it, as it has serious design flaws.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: mac address firewall?

on 05.10.2006 04:58:51 by Robert Lambe

On Wed, 04 Oct 2006 14:59:44 -0500, Moe Trin wrote:


>
> Ummm, is this supposed to be a trick question?
>
> Old guy

I remember a case some years back where the virus writer was traced to his
PC in his home via the IP and MAC address. I believe it was in the
Philippines. Just saying if it is so easy to do why was he caught?

http://www.securityfocus.com/columnists/246

Add Microsoft's new $250,000 bounty into the mix and at first glance, you'd
think we're right on track. Not a chance! There are simply too many ways to
be anonymous on the Internet, and more so today than ever before. You don't
even need to spoof IP addresses these days; there are too many ways to have
perfect stealth. Imagine you're a virus writer and need a launchpad for
your evil work. Just start with an untraceable MAC address on a borrowed IP
address, linked into a wireless router down the street which has access
logging disabled, and then you tunnel through countless proxies and
compromised zombies until you reach the desired launch point. Someone who
does not wish to be caught (and knows what they're doing), cannot be
caught. With wireless, it becomes a physical battle between a million
victims and one guy walking down the street.

Re: mac address firewall?

on 05.10.2006 05:01:36 by Robert Lambe

On 5 Oct 2006 00:23:09 GMT, Ansgar -59cobalt- Wiechers wrote:


> Nobody should use it, as it has serious design flaws.
>
> cu
> 59cobalt

Then tell them what to use. I just use the XP firewall and a router. That's
good enough for me.

Re: mac address firewall?

on 05.10.2006 05:02:35 by Robert Lambe

On 4 Oct 2006 07:17:53 +0200, Volker Birk wrote:


> This has nothing to do with MAC addresses.
>
> Yours,
> VB.

OK. :)

Re: mac address firewall?

on 05.10.2006 06:02:51 by ibuprofin

On Thu, 05 Oct 2006, in the Usenet newsgroup comp.security.firewalls, in article
, Garrot wrote:

>On Wed, 04 Oct 2006 14:59:44 -0500, Moe Trin wrote:

[restoring original quoted material for context]

]>If it's so easy then why do some virus writers get caught when they are
]                                                                ^^^^^^^^
]>stupid enough to upload the virus from their own PC?
] ^^^^^^^^^^^^^

>> Ummm, is this supposed to be a trick question?

>I remember a case some years back where the virus writer was traced to his
>PC in his home via the IP and MAC address. I believe it was in the
>Philippines. Just saying if it is so easy to do why was he caught?

You answered your own question. There are various "grades" of stupidity,
and that guy took the top prize.

>Add Microsoft's new $250,000 bounty into the mix and at first glance, you'd
>think we're right on track. Not a chance! There are simply too many ways to
>be anonymous on the Internet, and more so today than ever before. You don't
>even need to spoof IP addresses these days; there are too many ways to have
>perfect stealth.

The only way you can hide is to anonymously relay it through open relays.
The problem for law enforcement is that a vast number of the boxes on the
Internet today are wide open relays. Check the "Received:" headers on the
spam you receive - most of those are open relays.

>Imagine you're a virus writer and need a launchpad for your evil work. Just
>start with an untraceable MAC address on a borrowed IP address,

My understanding was that idiot got caught because of embedded serial numbers
in the wonderful software that was used. Most wankers today think that the
only way to create text that will be used for source code is to use MS Turd,
or something out of Orifice2003 - and can't understand why the _source_ file
for 'hello.c' is a 24k windoze file. In case you forgot (or are not a
programmer), the entire source is

#include <stdio.h>

main()
{
    printf("hello, world\n");
}

which is 60 characters (including the newlines) total. What's all the rest
of the crap in that windoze file? Guess - or use a disk-editor to find out.
You might be horrified to know what's in there.

>With wireless, it becomes a physical battle between a million victims and
>one guy walking down the street.

The reason there are a million victims is that nine hundred ninety nine
thousand of them shouldn't be trying to use anything as complicated as
a digital clock - never mind having access to a computer with or without
a connection to the Internet.

Old guy

Re: mac address firewall?

on 05.10.2006 15:18:36 by Robert Lambe

On Wed, 04 Oct 2006 23:02:51 -0500, Moe Trin wrote:

> The reason there are a million victims is that nine hundred ninety nine
> thousand of them shouldn't be trying to use anything as complicated as
> a digital clock - never mind having access to a computer with or without
> a connection to the Internet.
>
> Old guy


Haha...that's quite true.

I'm not a programmer but I understood what you were saying, thx.

Re: mac address firewall?

on 05.10.2006 16:24:31 by kingthorin

Garrot wrote:
> On 3 Oct 2006 21:53:16 +0200, Volker Birk wrote:
>
>
> > This is an error. It's as easy to spoof MAC addresses as it is to spoof
> > IP addresses.
>
> If it's so easy then why do some virus writers get caught when they are
> stupid enough to upload the virus from their own PC?

So you connect to the internet (through your ISP, CyberCafe, Library,
whatever) they have a log of you connecting. Their DHCP server assigns
you an address. You fire off an email (originating from that IP
address) containing a "new" virus. See the trail?

[Just one example]

Re: mac address firewall?

on 05.10.2006 17:58:31 by Robert Lambe

On 5 Oct 2006 07:24:31 -0700, kingthorin@gmail.com wrote:


> So you connect to the internet (through your ISP, CyberCafe, Library,
> whatever) they have a log of you connecting. Their DHCP server assigns
> you an address. You fire off an email (originating from that IP
> address) containing a "new" virus. See the trail?
>
> [Just one example]

Obviously you didn't read this. http://www.securityfocus.com/columnists/246
Where's the trail now?

Re: mac address firewall?

on 05.10.2006 18:22:10 by kingthorin

Garrot wrote:
> On 5 Oct 2006 07:24:31 -0700, kingthorin@gmail.com wrote:
>
>
> > So you connect to the internet (through your ISP, CyberCafe, Library,
> > whatever) they have a log of you connecting. Their DHCP server assigns
> > you an address. You fire off an email (originating from that IP
> > address) containing a "new" virus. See the trail?
> >
> > [Just one example]
>
> Obviously you didn't read this. http://www.securityfocus.com/columnists/246
> Where's the trail now?

Interesting read, however, "obviously you didn't read this":
"[Just one example]"

Re: mac address firewall?

on 06.10.2006 06:46:46 by Robert Lambe

On 5 Oct 2006 09:22:10 -0700, kingthorin@gmail.com wrote:


> Interesting read, however, "obviously you didn't read this":
> "[Just one example]"

I read it but it didn't pertain to the point I was making.