>In particular, many (most?) of the software-set NICs allow use of an
>arbitrary address; the setup program has an entry for an 'alternate'
>address to be put into the card's EPROM. And NIC setup programs are
>usually easy to get... given the program and a few minutes,
>temporarily 'borrowing' a machine's identity is easy. Thus, MACs are
>not reliable authenticators in most if not all cases.

MAC address is a command line option for ifconfig on SunOS+Solaris, and can
be an option in the net.cfg for many Novell card drivers (Western
Digital/SMC and D-Link as examples). Also, most Novell drivers conveniently
display the MAC address when the system boots, so all you have to be able
to do is boot the system and press pause when it loads the card driver, to
write it down. Running Winipcfg on a Win95 workstation tells you the
address (IP and MAC).

Implication: you can use any DOS/Win3.x/Win95 PC with the MAC address of
your choice using standard Novell ODI drivers (even if you have no NetWare
servers on your site). Of course you also don't have to use BOOTP/DHCP to
ask for an address, so you can use any IP address you like as well.

Therefore, using IP and MAC addresses for authentication/accounting only
serves to keep your honest users honest. If someone wants to forge these,
it's trivial.