> To prevent users from MAC-spoofing - buy a switch with some kind of
> "port-security". If you could lock down a port to just one MAC and have a
> static ARP on the router it would be pretty hard to spoof the MAC-address.
> With
> another MAC than the one associated with the port you simply will not be able
> to talk to anyone.
No-no-no, it is _very_ easy to spoof MAC address. For FreeBSD it is just
'ifconfig em0 link 00:11:22:33:44:55'. Almost the same for Linux and
pretty easy for Windows. Port security would not prevent MAC spoofing --
you can not rely on the MAC provided by computer since it is easy to
determine one for the 'trusted' machine and set yours to that.
--
Eygene
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
