Normally this security is implemented on a switch... You can 'lock' a port to a specific MAC address (normally the first one learned on that port). However it is interesting to tie that to a specific protocol eg SMTP.
Regards Steven Sporen Snr Network Admin, ECnet | www.ecnet.co.za -----Original Message----- From: Chris Green [mailto:[EMAIL PROTECTED]] Sent: 09 November 2001 06:06 To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Filtering my MAC address. --------------------- Attention ----------------------------- A digest version of this list is now available. Send email to [EMAIL PROTECTED], with the following message: subscribe gb-users-digest your_email_address Then unsubscribe from this list. ------------------------------------------------------------- GNAT Box User Forum http://www.gnatbox.com/cgi-bin/Ultimate.cgi Send postings to: [EMAIL PROTECTED] Access the list archives at: http://www.gnatbox.com/gb-users/ ------------------------------------------------------------- And you missed one too. :) If the pc is behind a router on the internal network, an ARP request will only return the MAC address of the router. Layer 2 information doesn't cross a router. Chris Green >From: Myron Szymanskyj <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Re: Filtering my MAC address. >Date: Fri, 09 Nov 2001 01:04:11 +0000 > >--------------------- Attention ----------------------------- A digest >version of this list is now available. Send email to [EMAIL PROTECTED], >with the following message: subscribe gb-users-digest >your_email_address Then unsubscribe from this list. >------------------------------------------------------------- >GNAT Box User Forum http://www.gnatbox.com/cgi-bin/Ultimate.cgi >Send postings to: [EMAIL PROTECTED] >Access the list archives at: http://www.gnatbox.com/gb-users/ >------------------------------------------------------------- >No. You've missed the point. Subnets and IP addresses can be totally >ignored. It does mean that the GnatBOX could end up with a rather large >table of MAC addresses. > >That the GnatBOX needs to know is that the protocol passing through it >is IP based then extract the port used, if TCP or UDP and the MAC >address, if asked to, ignoring the IP address. > >As mentioned by Brian, the only drawback is that some network cards can >have their hardware MAC address overridden, but then there has got to >me some way to turning off this feature. > >Think simple with this one. In this instance, the IP and subnet >settings are ignored. If it's an IP protocol transmission, look at the >MAC address and not the IP address, or, look at both. It's one dirty >way of validating that the IP address assigned to a computer is as it >should be. > >Anyway, just an idle idea. > > > >At 08/11/2001 07:19 pm , "Tom Trenker" <[EMAIL PROTECTED]> wrote: >>I believe that MAC addresses aren't passed by routers, >>so filtering by MAC would only work for machines on a >>local subnet. I doubt if this would be very useful. >>- Tom >> >> >> >> >>Myron Szymanskyj <[EMAIL PROTECTED]>@gta.com on 2001/11/08 07:32:38 >>AM >> >>Sent by: [EMAIL PROTECTED] >> >> >>To: [EMAIL PROTECTED] >>cc: >> >>Subject: Filtering my MAC address. >> >> >>An interesting query. >> >>Currently the GnatBOX filters by IP address. A feature request. >> >>Could it be possible for the GnatBOX to have the ability to also take >>into consideration the MAC address? >> >>For instance, in filtering a TCP/IP packet, where I'm not interested >>in >>the >>IP address, but want to stop all data traffic on TCP port 25 from >>originating from MAC address 00AC45A321. >> >>Why? It's easy on a workstation to alter the IP address. For a MAC >>address >>(most NICs) the network adapter usually had to be changed. >> >>Does this make any sense? > >---------------------------------------------- >To Unsubscribe: send mail to [EMAIL PROTECTED] >with "unsubscribe gb-users your_email_address >in the body of the message _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp ---------------------------------------------- To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe gb-users your_email_address in the body of the message
