filter by MAC address?
Steven M. Bellovin
2006-12-05 03:40:02 UTC
Is there any way to configure ipf or pf to reject packets based on the
source MAC address? Failing that, is there any way to get dhclient to
do so?


--Steve Bellovin, http://www.cs.columbia.edu/~smb

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Steven M. Bellovin
2006-12-10 20:38:41 UTC
On Sun, 10 Dec 2006 21:38:09 +0100
Post by Steven M. Bellovin
Is there any way to configure ipf or pf to reject packets based on
http://www.openbsd.org/faq/pf/tagging.html
Post by Steven M. Bellovin
Failing that, is there any way to get dhclient to
do so?
If you control the DHCP server, you could assign them IPs in a
specific range and block this range.
I wonder if it's feasible to blackhole such machines by playing with
ARP?

The specific issue is trying to block a rogue DHCP server, and in
particular one for a 1918 address range. It's easy enough to add

reject 192.168.0.1;

to dhclient.conf, but you wander to the next NATted network and you'll
block the legitimate server that way.


--Steve Bellovin, http://www.cs.columbia.edu/~smb

mouss
2006-12-10 20:38:09 UTC
Post by Steven M. Bellovin
Is there any way to configure ipf or pf to reject packets based on the
source MAC address?
Seems possible with pf:
http://www.openbsd.org/faq/pf/tagging.html
Post by Steven M. Bellovin
Failing that, is there any way to get dhclient to
do so?
If you control the DHCP server, you could assign them IPs in a specific
range and block this range.

I wonder if it's feasible to blackhole such machines by playing with ARP?

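An added example, not part of the original thread: it parses DHCP server replies and compares an IP-keyed reject (like the `reject 192.168.0.1;` line discussed above) with a MAC-keyed one, showing why only the latter tells the rogue server apart from a legitimate server on another NATted network. The function names and the sample frames and MAC addresses are constructed for illustration; this is decision logic only, not a pf, ipf or dhclient feature.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie (RFC 2131)

def build_reply(src_mac, server_ip):
    """Constructed sample frame: Ethernet/IPv4/UDP carrying a DHCPOFFER."""
    ip = socket.inet_aton(server_ip)
    opts = bytes([53, 1, 2, 54, 4]) + ip + b"\xff"  # type=OFFER, server id, end
    bootp = b"\x02\x01\x06\x00" + bytes(232) + MAGIC + opts
    udp = struct.pack("!HHHH", 67, 68, 8 + len(bootp), 0) + bootp
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                      ip, b"\xff" * 4)
    eth = b"\xff" * 6 + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    return eth + iph + udp

def parse_reply(frame):
    """Return (source MAC, server identifier) of a DHCP server reply, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None
    udp = 14 + (frame[14] & 0x0F) * 4
    bootp = frame[udp + 8:]
    if (len(bootp) < 240 or bootp[0] != 2 or bootp[236:240] != MAGIC
            or struct.unpack("!HH", frame[udp:udp + 4]) != (67, 68)):
        return None
    server_id, i = None, 240
    while i + 1 < len(bootp) and bootp[i] != 255:
        if bootp[i] == 0:  # pad option: single byte, no length field
            i += 1
            continue
        code, length = bootp[i], bootp[i + 1]
        if code == 54 and length == 4 and i + 6 <= len(bootp):
            server_id = socket.inet_ntoa(bootp[i + 2:i + 6])
        i += 2 + length
    return frame[6:12].hex(":"), server_id

def verdict_by_ip(frame, rejected_ips):
    """IP-keyed policy, like the 'reject 192.168.0.1;' line in the post."""
    reply = parse_reply(frame)
    return "reject" if reply and reply[1] in rejected_ips else "accept"

def verdict_by_mac(frame, rejected_macs):
    """MAC-keyed policy: match on the Ethernet source address instead."""
    reply = parse_reply(frame)
    return "reject" if reply and reply[0] in rejected_macs else "accept"

# Constructed: rogue and legitimate servers on different NATted networks, same IP.
ROGUE = build_reply("02:00:00:00:00:66", "192.168.0.1")
LEGIT = build_reply("02:00:00:00:00:01", "192.168.0.1")
```

The Ethernet source address can be forged by any host on the segment, so a MAC match is a filter against a known misconfigured box rather than authentication of the server.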