Hi
I really haven't seen any L2 FW who blocks MAC addresses, mainly because
MAC's doesn't travel through anything beyond a switch or any other L2
device. They're not routable.
At most, Firewalls like Sunscreen, Juniper, or IPS like Proventias G and M,
Tipping Point, Intrushield, etc. can work at L2: not assigning an IP to
their interfaces, acting like "stealth", but those firewalls doesn't have
all the capabilities a L3 firewall has, for example, VPN. Almost all IPS
detects fraggle attacks, so you may end up looking for an IPS rather than a
L2 Firewall.
If there exists any firewall that can block MAC addresses, that would be new
to me.
Regards
Omar
**********************************************************************
Hi everyone,
I was just wondering, are there any firewalls/packet filters that filter at
layer 3 & layer 2?
Because I want to filter by MAC address as well as IP address... also if the
firewall/filter logs which MAC address has which IP address,
I think I can do some simple Intrusion Detection.
The reason I want a layer 2 filter/firewall is so that when an attacker
spoofs an internal IP address, (which should be ingress filtered), if the
packet manages to get into the network, I assume the MAC address will be
different to the host being attacked... like so:
Attacker Spoofed packet Host A
RST Packet/ICMP Host B
MAC: 09:09:09:09 MAC
x:x:x:x MAC:
x:x:x:x
IP: x.x.x.x -----------> IP:
192.168.0.22 ----------> IP: 192.168.0.20
srcIP: 192.168.0.20
|
srcMAC: 09:09:09:09
<-------------RST/ICMP----------|
dstIP: 192.168.0.22
"Fraggle Attack".
Hoperfully a layer 2 filter/firewall between A and B could stop this attack.
Is there anything out there that can stop these type of attacks?
Thanks for your input,
~Davie Elliott
