Topic: Why IP-Filtering and not additional MAC  (Read 2431 times)
« on: March 21, 2007, 10:25:01 »
dirk_neujahr *
Posts: 2

Hi!
I was wondering why almost any firewall filters traffic by the IP address of the computers and not instead, or additionally, by the MAC address. It's very easy even for noobs to spoof an IP, but it's more difficult to spoof a MAC.
The problem is, if you have a network with x people and there is one who knows a little bit about networking, he would be able to connect to the wireless network and find by trial and error the right IP which is granted internet access. Maybe someone could explain this to me?

Greets Dirk
« Reply #1 on: March 21, 2007, 20:49:56 »
zeb *
Posts: 4

Simply because the firewall would need to be in the same broadcast domain as the source device, i.e. connected to the same hub or switch, without any routers in the way.

As soon as your request goes through a router it loses your MAC address.

For a small network it would be possible, but for a larger routed network it wouldn't.

Spoofing MAC addresses is just as easy as spoofing an IP address.  Most NICs have an option for changing the MAC address.

If you are worried about wireless security then use strong encryption (WPA or WPA2).  If they don't know the key then they can't do anything, whether they have a valid MAC address or not.

HTH.
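
The point in the reply above about a request losing its MAC address at a router, as an added example that is not part of the original thread: it builds Ethernet/IPv4 frames for two clients, passes them through a simulated router hop, and shows what a firewall on the far side can read. All MAC and IP addresses and function names are constructed for illustration, and the IPv4 header checksum is left at zero for brevity.

```python
import socket
import struct

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_frame(dst_mac, src_mac, src_ip, dst_ip):
    """Ethernet II header followed by a minimal 20-byte IPv4 header."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip

def route(frame, router_mac, next_hop_mac):
    """Layer-3 forwarding: the incoming Ethernet header is discarded and a new
    one is written with the router's own MAC as source. The IP addresses are
    untouched; only the TTL drops (checksum update omitted in this sketch)."""
    ip = bytearray(frame[14:])
    ip[8] -= 1  # TTL sits at offset 8 of the IPv4 header
    return mac_bytes(next_hop_mac) + mac_bytes(router_mac) + frame[12:14] + bytes(ip)

def firewall_view(frame):
    """The only source identifiers a firewall can read from a received frame."""
    return {"src_mac": mac_str(frame[6:12]),
            "src_ip": socket.inet_ntoa(frame[26:30]),
            "ttl": frame[22]}

# Constructed topology: two clients -> router -> firewall
ROUTER_LAN = "02:00:00:00:00:01"   # router interface facing the clients
ROUTER_WAN = "02:00:00:00:00:02"   # router interface facing the firewall
FIREWALL = "02:00:00:00:00:fe"
CLIENTS = [("02:00:00:00:00:0a", "192.0.2.10"),
           ("02:00:00:00:00:0b", "192.0.2.11")]

def seen_by_firewall():
    views = []
    for mac, ip in CLIENTS:
        frame = build_frame(ROUTER_LAN, mac, ip, "198.51.100.5")
        views.append(firewall_view(route(frame, ROUTER_WAN, FIREWALL)))
    return views

if __name__ == "__main__":
    for view in seen_by_firewall():
        print(view)
```

Both clients arrive at the firewall with the router's MAC as source, so a MAC rule there cannot tell them apart, while the source IP still differs per client.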
 