No, this really doesn't make much sense. The "incremental knowledge" required to change a MAC address after one understands the need to change the IP address is about 15 minutes of learning and about 10 minutes of work. Most modern NICs are easy to change their MAC address, and even if they aren't, you can buy a very usable NIC for $15, stick it in the machine.
What you are going for here is "Security through Obscurity", and in this case, barely any obscurity at all. Not gonna be productive. If one of your workstations is not at its designated IP address, you ask why. If the answer is not *really* good, you discipline and dock pay for repair time/costs (that will catch their attention). Second time, fire the guy... I've already spouted out on this list about this in the past, but look here: http://www.holland-consulting.net/newsltr/nl0003.html near the bottom, "But, how can I make my people do this?" Don't use technology to "solve" a management/HR issue. Nick. (If you really want a technology solution, block all access to everyone, grant access to just those IPs that you WANT to have access, at which point, when they change their IP, they will find another machine sitting there already. Or block access to all, and let it be known WHO caused this drastic action to be taken. Problem will be self-solving at this point) Myron Szymanskyj wrote: > > An interesting query. > > Currently the GnatBOX filters by IP address. A feature request. > > Could it be possible for the GnatBOX to have the ability to also take into > consideration the MAC address? > > For instance, in filtering a TCP/IP packet, where I'm not interested in the > IP address, but want to stop all data traffic on TCP port 25 from > originating from MAC address 00AC45A321. > > Why? It's easy on a workstation to alter the IP address. For a MAC address > (most NICs) the network adapter usually had to be changed. > > Does this make any sense? -- http://www.holland-consulting.net/
