Great Circle Associates Firewalls
(February 1997)
 


Subject: Re: lpr/lpd and firewall
From: Benedikt Stockebrand <benedikt @ devnull . ruhr . de>
Date: 16 Feb 1997 11:50:56 +0100
To: Ziv Dascalu <ziv @ AbirNet . com>, Firewalls @ GreatCircle . COM
In-reply-to: Ziv Dascalu's message of Sun, 16 Feb 97 10:43:22
References: <Chameleon . 856082713 . ziv @ ziv . netwizard . co . il>

Ziv Dascalu <ziv @ AbirNet . com> writes:

> --- On 15 Feb 1997 11:47:09 +0100  Benedikt Stockebrand <benedikt @ devnull . ruhr . de> wrote:
> 
> >Great.  A packet filter.  Now what about IP spoofing?
> 
> Client and server machine can also be identified by MAC address and not just by IP!!!

How do you authenticate a MAC?  In PC-land any common Ethernet adaptor
allows one to change its MAC.  Same for SPARCs.

And since the original question dealt with allowing access to a
service from certain hosts outside your potential customers' network:
How do you actually *get* the MAC address of the remote host while it
isn't on the same physical network as your packet filter?  After all,
the MAC is part of the link layer frame and not of the network layer
segment/packet headers.


So once more: How do you make sure that the connection to your
potential customers' local lpd port originates from a legitimate
off-site host?


-- 
Ben(edikt)? Stockebrand    Runaway ping.de Admin---Never Ever Trust Old Friends
My name and email address are not to be added to any list used for advertising
purposes.  Any sender of unsolicited advertisement e-mail to this address im-
plicitly agrees to pay a DM 500 fee to the recipient for proofreading services.
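
Added example, not part of the original message: a small Python model of the link-layer point raised above, showing what a packet filter next to the lpd server can actually observe for off-site traffic. All addresses and MACs are constructed sample values, and the single-router topology is an assumption.

```python
import socket, struct

def mac(s):
    return bytes.fromhex(s.replace(":", ""))

def ip_checksum(hdr20):
    total = sum(struct.unpack("!10H", hdr20))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src, dst, ttl=64):
    # Minimal 20-byte IPv4 header, protocol 6 (TCP), no payload.
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                    socket.inet_aton(src), socket.inet_aton(dst))
    return h[:10] + struct.pack("!H", ip_checksum(h)) + h[12:]

def frame(src_mac, dst_mac, packet):
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + packet

def route(frm, out_mac, next_hop_mac):
    # A router drops the incoming Ethernet header, decrements TTL,
    # fixes the checksum and builds a new frame with its own MAC as source.
    ip = bytearray(frm[14:])
    ip[8] -= 1
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip[:20])))
    return frame(out_mac, next_hop_mac, bytes(ip))

def seen_by_filter(frm):
    # (source MAC, source IP, TTL) as visible at the filter's interface.
    return frm[6:12].hex(":"), socket.inet_ntoa(frm[26:30]), frm[22]

# Constructed sample values: documentation IP ranges, locally administered MACs.
ROUTER_MAC, LPD_MAC, LPD_IP = "02:00:00:00:00:01", "02:00:00:00:00:02", "192.0.2.5"
ALLOWED_IP = "198.51.100.10"

def demo():
    legit = frame("02:00:00:00:00:0a", "02:00:00:00:00:fe", ipv4(ALLOWED_IP, LPD_IP))
    # A different off-site machine that puts the allowed address in its IP header.
    other = frame("02:00:00:00:00:66", "02:00:00:00:00:fd", ipv4(ALLOWED_IP, LPD_IP))
    return [seen_by_filter(route(f, ROUTER_MAC, LPD_MAC)) for f in (legit, other)]

if __name__ == "__main__":
    for obs in demo():
        print(obs)
```

Both observations carry the router's MAC and the same source IP, so a MAC rule at the filter cannot tell the two off-site senders apart.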

