Network Security: Detailed info on Re: Is this a good firewall? (allowing in from dynamic host)

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Firewalls

[Top] [All Lists]

Re: Is this a good firewall? (allowing in from dynamic host)

from [Robert Hajime Lanning] Network Security

[Permanent Link]

Subject:	Re: Is this a good firewall? (allowing in from dynamic host)
Date:	Wed, 23 Feb 2005 17:28:03 -0800

On Tue, 22 Feb 2005 12:38:45 -0600, Gina H Montgomery
<gmontgomery@gapsinc.com> wrote:

Hi Kevin -

One way to do this is to determine the WAN mac address of your cable
modem - the one associated with the 12-134345-112.nashville.comcast.com
hostname.  Then, inside your iptables script, filter based on -m tcp --
mac-source 00:11:22:33:44:55 to match any packets from your home.


whoa here.... he did not say the firewall was on the same subnet as the client.
MAC address matching is only good for devices on the same broadcast domain.
The firewall would only see the MAC of the next hop router.

-- 
END OF LINE
       -MCP

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Is this a good firewall?, Kevin Old Re: Is this a good firewall? (allowing in from dynamic host), Gina H Montgomery Re: Is this a good firewall? (allowing in from dynamic host), Robert Hajime Lanning <= Re: Is this a good firewall?, Robert Hajime Lanning

Previous by Date:	Can a VPN tunnel be built between a Cisco device and a Netscreen 50?, Mike Jones
Next by Date:	MSN Messenger Voice Conversations, N_E_O
Previous by Thread:	Re: Is this a good firewall? (allowing in from dynamic host), Gina H Montgomery
Next by Thread:	Re: Is this a good firewall?, Robert Hajime Lanning
Indexes:	[Date] [Thread] [Top] [All Lists]