Re: [mod-security-users] Is possible to block mac addresses with modsec?
From: Sergio <se...@gm...> - 2010-09-18 17:09:01
Thanks a lot Mike for your kind explanation.

Best Regards,
Sergio Cabrera

On Sat, Sep 18, 2010 at 10:04 AM, Michael Shinn <mi...@go...> wrote:

> You can't tell if an ip is spoofed from its mac except on your local
> segment. Because of that, you don't want to block the source mac address
> unless the attack is from a system on your local network segment. If you
> block hosts outside your local segment by mac address you'll block your
> upstream router because all of those hosts will have your gateway's mac
> address.
>
> That's because MAC addresses work on your local physical network segment,
> they are not addresses like IP addresses are: they don't route. You can't
> "see" the actual mac address of anything outside your physical segment. The
> mac address of anything outside your segment will be your gateway (router,
> firewall, etc.). The mac is used to get the packet to the right physical
> interface on your segment. Once it's onto the next segment that changes to
> reflect that segment and so on.
>
> Michael T. Shinn KeyID:0xDAE2EC86
> Key Fingerprint: 1884 E657 A6DF DF1B BFB9 E2C5 DCC6 5297 DAE2 EC86
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xDAE2EC86
> SANS Advisory Board Member
>
> Got Root? http://www.gotroot.com
> modsecurity rules: http://www.modsecurityrules.com
> Troubleshooting Firewalls: http://troubleshootingfirewalls.com
>
> -----Original Message-----
> From: Sergio <se...@gm...>
> Date: Sat, 18 Sep 2010 09:13:49
> To: Ryan Barnett<RBa...@tr...>
> Cc: mod...@li...<mod...@li...>
> Subject: Re: [mod-security-users] Is possible to block mac addresses with
> modsec?
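
An added example, not part of the original thread: a pre-flight check that shows what a MAC-based block would actually hit, given (source MAC, source IP) pairs observed on the server's own interface. The sample pairs, the `192.168.1.0/24` subnet and all function names are constructed for this illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (source MAC, source IP) pairs as seen on the server's
# own interface. All addresses are made up for this example.
OBSERVED = [
    ("00:16:3e:aa:00:01", "192.168.1.1"),    # the gateway itself
    ("00:16:3e:aa:00:01", "203.0.113.50"),   # remote client, forwarded
    ("00:16:3e:aa:00:01", "198.51.100.7"),   # remote client, forwarded
    ("00:16:3e:bb:00:22", "192.168.1.40"),   # host on the local segment
]
LOCAL_NET = "192.168.1.0/24"  # assumed local segment

def group_by_mac(observed, local_net):
    """Map each source MAC to the on-segment and off-segment IPs seen behind it."""
    net = ipaddress.ip_network(local_net)
    seen = defaultdict(lambda: {"local": set(), "remote": set()})
    for mac, ip in observed:
        kind = "local" if ipaddress.ip_address(ip) in net else "remote"
        seen[mac.lower()][kind].add(ip)
    return dict(seen)

def mac_block_verdict(mac, observed, local_net):
    """Say what a MAC-based block for `mac` would actually hit."""
    entry = group_by_mac(observed, local_net).get(mac.lower())
    if entry is None:
        return "unknown: MAC never seen on this segment"
    if entry["remote"]:
        # Off-segment IPs arrive with this MAC, so it belongs to the gateway.
        return "unsafe: gateway MAC, fronts %d off-segment IP(s)" % len(entry["remote"])
    return "ok: local host " + ", ".join(sorted(entry["local"]))

def mac_for_ip(ip, observed):
    """Return the source MAC that frames from `ip` carried, or None."""
    for mac, seen_ip in observed:
        if seen_ip == ip:
            return mac.lower()
    return None

if __name__ == "__main__":
    for ip in ("203.0.113.50", "192.168.1.40"):
        mac = mac_for_ip(ip, OBSERVED)
        print(ip, mac, mac_block_verdict(mac, OBSERVED, LOCAL_NET))
```

Both remote clients resolve to the same MAC as `192.168.1.1`, so a block keyed on that MAC cuts off every off-segment client at once; only the on-segment host has a MAC of its own.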