Re: Confused about authpf real world usage

2014-11-28 Thread Stuart Henderson
On 2014-11-28, Christian Weisgerber wrote: > On 2014-11-28, Martin Hanson wrote: > >> How does one secure against MAC/IP spoofing? Is there a way to prevent this? > > 1. You separate the traffic so that potential attackers cannot access > this network segment. > a. Physically: Run a wire. >

Re: Confused about authpf real world usage

2014-11-28 Thread Martin Hanson
> theoretically this is possible, but only if the original machine holding > the ip was down. just as a nameserver converts to an ip, the ip is converted > to a MAC-address, which is associated with the NIC. if you want you can > permanently associate an ip with a mac, that way another machine cannot

Re: Confused about authpf real world usage

2014-11-28 Thread lists
On Fri, Nov 28, 2014 at 03:27:38PM +0100, Martin Hanson wrote: > First I would scan the network for MACs and matching IPs, then I would > spoof one at a time until I am out. Don't forget about the differentiation between "authpf" and "authpf-noip". The latter can make things interesting for some

Re: Confused about authpf real world usage

2014-11-28 Thread Christian Weisgerber
On 2014-11-28, Martin Hanson wrote: > How does one secure against MAC/IP spoofing? Is there a way to prevent this? 1. You separate the traffic so that potential attackers cannot access this network segment. a. Physically: Run a wire. b. Logically: Use a separate VLAN. 2. Authenticate w

Re: Confused about authpf real world usage

2014-11-28 Thread Josh Grosse
On Fri, Nov 28, 2014 at 03:27:38PM +0100, Martin Hanson wrote: > > theoretically this is possible, but only if the original machine holding > > the ip was down. just as a nameserver converts to an ip, the ip is converted > > to a MAC-address, which is associated with the NIC. if you want you can >

Re: Confused about authpf real world usage

2014-11-28 Thread Christian Weisgerber
On 2014-11-28, thev...@openmailbox.org wrote: >> If say machine 192.168.0.2 and 192.168.0.3 needs unrestricted access to >> the net, then won't it be as easy as "Joe" changing his machine's IP >> address to 192.168.0.2 to gain access without authentication? > > theoretically this is possible, but o

Re: Confused about authpf real world usage

2014-11-27 Thread bodie
On 27.11.2014 17:09, Martin Hanson wrote: Hi So I am looking into authpf and I am wondering about some real world applications. I have a bunch of users, but I also have just a bunch of machines. The machines cannot login via SSH and should not try to do so (via some script or otherwise). How

Confused about authpf real world usage

2014-11-27 Thread thevoid
On Thu, 27 Nov 2014 17:09:02 +0100 Martin Hanson wrote: > Hi > > So I am looking into authpf and I am wondering about some real world > applications. > > I have a bunch of users, but I also have just a bunch of machines. > > The machines cannot login via SSH and should not try to do so (via so

Re: Confused about authpf real world usage

2014-11-27 Thread Martin Hanson
> Here is a case where you trust the machines, but do not trust Joe. > > Commonly, trusted servers are deployed on network segments that are > separate from untrusted users - via Ethernet segments or VLANs. It > is also possible to use VPNs to provide functional separation of > servers from use

Confused about authpf real world usage

2014-11-27 Thread Martin Hanson
Hi So I am looking into authpf and I am wondering about some real world applications. I have a bunch of users, but I also have just a bunch of machines. The machines cannot login via SSH and should not try to do so (via some script or otherwise). However, these machines need access 24/7. So I

Re: Confused about authpf real world usage

2014-11-27 Thread Josh Grosse
On Thu, Nov 27, 2014 at 05:09:02PM +0100, Martin Hanson wrote: > Hi > > So I am looking into authpf and I am wondering about some real world > applications. > > I have a bunch of users, but I also have just a bunch of machines. > > The machines cannot login via SSH and should not try to do so (v