North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Cable Modem [really responsible engineering]
And have you ever arped for an IP not on your subnet (I am really opening myself up here if I am wrong :) ? ARP broadcasts IIRC are sent to the MAC broadcast. If your data link layer broadcast domain consists of you and a router, you will not be able to get any other MAC. You will only be able to see the MAC addresses of those in the MAC broadcast domain. ----- Original Message ----- From: "PJ" <[email protected]> To: "Wojtek Zlobicki" <[email protected]> Cc: <[email protected]> Sent: Wednesday, June 27, 2001 5:04 AM Subject: Re: Cable Modem [really responsible engineering] > On Tue, 26 Jun 2001, Wojtek Zlobicki wrote: > > > > > > > ----- Original Message ----- > > From: "Chris Adams" <[email protected]> > > To: <[email protected]> > > Sent: Tuesday, June 26, 2001 9:20 PM > > Subject: Re: Cable Modem [really responsible engineering] > > > > > > > > Also, how do you prevent the user from trying to forge someone else's > > > IP address or even MAC address in outgoing packets? Without protecting > > > against forged packets, I don't see how to provide accountability when > > > someone attacks. > > > > How would anyone find out anothers MAC. As long as you seperate each > > customer into their own bridge group, there is no way for them to find > > anothers MAC. As for forging IP's not much you can do about that. MAC > > address access list.. do they exists ? > > > > > > There is a neat little utility called arping that can return the MAC address of a > specified IP. Comes in handy for bypassing MAC address filters. > > PJ > > -- > Security is mostly a superstition. It does not exist in nature. > -- Helen Keller
|