[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Mac Address Filter
On 13/06/2002, Chris <email@example.com> wrote Cc firstname.lastname@example.org:
> It is handy for keeping not-very-dedicated would-be theives from using
> your wireless network for their own net usage without first spending
OK, go to if_bridge.c and pf.c - think about the amount of
code needed to introduce that feature. I've been there, I've
worked on it.
Ok, now think about the amount of people you *can* "keep out" with
that - and for how long.
Does this match, say, is it worth the effort?
I dont think so.
All I've seen in the few mails describing this need with a scenario
have severe design problems.
You want MAC filtering for wlan? Well, make it a bridge (easier anyway)
and use the mac filter in there.
> time snooping on it. I know some people who (erroneously) think you
> need a soldering iron to change MAC IDs, so the technique clearly
> thwarts some fraction of persons seeking unpermitted access.
> Foolproof? Of course not. But it is not useless. It is one layer to
> slow down those who would consume resources, and makes other targets
> look more appetizing. You don't need to outrun bears, sometimes, just
> other hikers :-)
> PS some reason to hate MAC-based filtering, of which I should be
> alerted? :-)
> On Saturday, June 8, 2002, at 02:08 PM, Philipp Buehler wrote:
> > On 08/06/2002, O. Matt <email@example.com> wrote To firstname.lastname@example.org:
> >> I wonder how I could set up a mac addresses filtering firewall rule on
> >> my little OpenBSD 3.0 server. Any idea ?
> > Why does anyone wants MAC filtering?
> > You'll break more than you would gain in 'security'.
> > One thing you can do is to setup a bridge and use
> > the bpf filtering in there - if you really need to.
> > I'd like to hear some "arguments" why this is so
> > desired.
> > Answers like 'but netfilter has it' are void for me.
> > ciao
> > --
> > Philipp Buehler, aka fips | sysfive.com GmbH | BOfH | NUCH | <double-p>
> > #1: Break the clue barrier!
> > #2: Already had buzzword confuseritis ?
Philipp Buehler, aka fips | sysfive.com GmbH | BOfH | NUCH | <double-p>
#1: Break the clue barrier!
#2: Already had buzzword confuseritis ?