04/11/13 14:52, intrigeri wrote: > Hi, > > anonym wrote (25 Oct 2013 23:01:42 GMT) : >> I'm unsure of how to proceed for wired connections. The problem is that >> there's no strong concept of being "associated" to a wired network (at >> least a "standard" ones, perhaps there is with 802.1x security...). I >> haven't really looked into this deeply but I suspect it'll be hard to >> identify blocking without confusing it with other types of wired >> connection filures. > > Agreed.
I added a section about this to the blueprint nevertheless. But should I take it that you also mean that probably we can't do anything about this? Or do we accepts a fair amount of false positives? After all, only a suggestion about what's wrong is shown + it links to the docs, which could make this clearer. I'm unsure what's the least confusing. >> If any one has good clues about how wired MAC >> address blocking works (e.g. on which level. DHCP? Lower layer?) I'd >> appreciate hearing about it. > > No idea. I doubt many network admins goes as far as white-listing > known MAC addresses on the switches, but blocking access to anyone who > hasn't a valid DHCP lease (that can only be obtained if your MAC is on > a whitelist) wouldn't surprise me. > >> Funny side-note: MAC spoofing apparently breaks both NAT-based and >> bridge-based networking in VirtualBox (it works well in libvirt/KVM >> though). We may want to add a specific notification if we detect that >> Tails is run in VirtualBox on network failure. > > Oh $DEITY :/ I think I have a really good fix for this. See commit ee1aa982 in T-G's repo, and my other recent response in particular. Cheers! _______________________________________________ tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev
