Re: [mod-security-users] Is possible to block mac addresses with modsec?
From: Michael S. <mi...@go...> - 2010-09-18 16:05:06
You can't tell if an IP is spoofed from its MAC except on your local segment. Because of that, you don't want to block the source MAC address unless the attack is from a system on your local network segment. If you block hosts outside your local segment by MAC address you'll block your upstream router because all of those hosts will have your gateway's MAC address.

That's because MAC addresses work on your local physical network segment, they are not addresses like IP addresses are: they don't route. You can't "see" the actual MAC address of anything outside your physical segment. The MAC address of anything outside your segment will be your gateway (router, firewall, etc.). The MAC is used to get the packet to the right physical interface on your segment. Once it's onto the next segment that changes to reflect that segment and so on.

Michael T. Shinn
KeyID:0xDAE2EC86
Key Fingerprint: 1884 E657 A6DF DF1B BFB9 E2C5 DCC6 5297 DAE2 EC86
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xDAE2EC86
SANS Advisory Board Member
Got Root? http://www.gotroot.com
modsecurity rules: http://www.modsecurityrules.com
Troubleshooting Firewalls: http://troubleshootingfirewalls.com

-----Original Message-----
From: Sergio <se...@gm...>
Date: Sat, 18 Sep 2010 09:13:49
To: Ryan Barnett<RBa...@tr...>
Cc: mod...@li...<mod...@li...>
Subject: Re: [mod-security-users] Is possible to block mac addresses with modsec?
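The behaviour described in the message above, as an added example that is not part of the original post: a small Python model of routed forwarding that shows which source MAC a server sees and what a MAC blocklist built from it would match. All addresses, the two-hop topology and the function names are constructed for illustration, and the model assumes no NAT on the path.

```python
from dataclasses import dataclass

# All MAC/IP values below are constructed sample values, not from the thread.
GATEWAY_LAN_MAC = "02:00:00:00:00:01"  # gateway interface on the server's segment
SERVER_MAC = "02:00:00:00:00:10"
SERVER_IP = "192.0.2.10"

@dataclass(frozen=True)
class Frame:
    src_mac: str  # layer 2: only meaningful on the current segment
    dst_mac: str
    src_ip: str   # layer 3: carried across hops unchanged (no NAT assumed)
    dst_ip: str

def route_hop(frame, out_mac, next_hop_mac):
    """A router drops the incoming L2 header and writes a new one for the next segment."""
    return Frame(out_mac, next_hop_mac, frame.src_ip, frame.dst_ip)

def deliver_remote(client_mac, client_ip):
    """Frame as the server receives it from a host two routed hops away."""
    f = Frame(client_mac, "02:00:00:00:aa:01", client_ip, SERVER_IP)  # client -> its router
    f = route_hop(f, "02:00:00:00:aa:02", "02:00:00:00:00:02")        # router -> gateway
    return route_hop(f, GATEWAY_LAN_MAC, SERVER_MAC)                  # gateway -> server

def deliver_local(client_mac, client_ip):
    """Host on the server's own segment: no router in between, real MAC is visible."""
    return Frame(client_mac, SERVER_MAC, client_ip, SERVER_IP)

def blocked(frame, mac_blocklist):
    """What a source-MAC filter on the server's segment would decide."""
    return frame.src_mac in mac_blocklist

def demo():
    attacker = deliver_remote("02:00:00:00:bb:66", "198.51.100.66")
    customer = deliver_remote("02:00:00:00:cc:07", "203.0.113.7")
    neighbour = deliver_local("02:00:00:00:00:20", "192.0.2.20")
    blocklist = {attacker.src_mac}  # "block the attacker's MAC" as the server sees it
    return {
        "attacker_seen_mac": attacker.src_mac,
        "customer_seen_mac": customer.src_mac,
        "customer_blocked": blocked(customer, blocklist),
        "neighbour_blocked": blocked(neighbour, blocklist),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Both remote hosts arrive with the gateway's MAC, so the blocklist entry cuts off every routed client while the IP header still distinguishes them.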