Re: [mod-security-users] Is possible to block mac addresses with modsec?
From: Michael S. <mi...@go...> - 2010-09-19 01:18:32

My pleasure, didn't want you to shun your router! :-)

On Sat, 2010-09-18 at 11:08 -0600, Sergio wrote:
> Thanks a lot Mike for your kind explanation.
>
> Best Regards,
>
> Sergio Cabrera
>
> On Sat, Sep 18, 2010 at 10:04 AM, Michael Shinn <mi...@go...> wrote:
> You can't tell if an ip is spoofed from its mac except on your
> local segment. Because of that, you don't want to block the
> source mac address unless the attack is from a system on your
> local network segment. If you block hosts outside your local
> segment by mac address you'll block your upstream router
> because all of those hosts will have your gateway's mac
> address.
>
> That's because MAC addresses work on your local physical
> network segment, they are not addresses like IP addresses are:
> they don't route. You can't "see" the actual mac address of
> anything outside your physical segment. The mac address of
> anything outside your segment will be your gateway (router,
> firewall, etc.). The mac is used to get the packet to the
> right physical interface on your segment. Once it's onto the
> next segment that changes to reflect that segment and so on.
>
> Michael T. Shinn
> KeyID:0xDAE2EC86
> Key Fingerprint: 1884 E657 A6DF DF1B BFB9 E2C5 DCC6 5297 DAE2 EC86
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xDAE2EC86
> SANS Advisory Board Member
>
> Got Root? http://www.gotroot.com
> modsecurity rules: http://www.modsecurityrules.com
> Troubleshooting Firewalls: http://troubleshootingfirewalls.com
>
> -----Original Message-----
> From: Sergio <se...@gm...>
> Date: Sat, 18 Sep 2010 09:13:49
> To: Ryan Barnett<RBa...@tr...>
> Cc: mod...@li...<mod...@li...>
> Subject: Re: [mod-security-users] Is possible to block mac addresses with modsec?
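
The behaviour described in the quoted explanation, as an added example that is not part of the original thread: a small Python simulation of which source MAC a server sees and who a source-MAC block would cut off. The topology, all MAC and IP addresses, and the names `deliver`, `observed_at_server` and `hosts_cut_off` are assumptions constructed for illustration.

```python
# Added illustration: constructed topology, hypothetical names and addresses.
from dataclasses import dataclass

@dataclass
class Frame:
    src_mac: str   # layer 2: rewritten on every segment
    dst_mac: str
    src_ip: str    # layer 3: carried end to end
    dst_ip: str

@dataclass
class Hop:
    """One segment on the path: the sending interface and the receiving one."""
    out_mac: str
    next_mac: str

def deliver(src_ip, dst_ip, path):
    """Return the frame as it appears on the last segment of `path`."""
    frame = None
    for hop in path:
        # Each sender or router builds a fresh Ethernet header for its own segment.
        frame = Frame(hop.out_mac, hop.next_mac, src_ip, dst_ip)
    return frame

SERVER_MAC = "02:00:00:00:00:10"
GATEWAY_LAN_MAC = "02:00:00:00:00:01"   # router interface on the server's segment

def observed_at_server(src_ip, sender_mac, local):
    if local:
        path = [Hop(sender_mac, SERVER_MAC)]
    else:
        path = [Hop(sender_mac, "02:00:00:00:aa:01"),           # sender -> its own router
                Hop("02:00:00:00:bb:01", "02:00:00:00:bb:02"),  # transit segment
                Hop(GATEWAY_LAN_MAC, SERVER_MAC)]               # gateway -> server
    return deliver(src_ip, "192.0.2.10", path)

def hosts_cut_off(blocked_mac, traffic):
    """Source IPs whose frames a source-MAC block at the server would drop."""
    return sorted(ip for ip, mac, local in traffic
                  if observed_at_server(ip, mac, local).src_mac == blocked_mac)

TRAFFIC = [  # (source IP, sender's real MAC, on the server's segment?)
    ("198.51.100.7", "02:00:00:00:cc:07", False),  # remote host to be blocked
    ("203.0.113.20", "02:00:00:00:dd:20", False),  # unrelated remote user
    ("192.0.2.55",   "02:00:00:00:00:55", True),   # host on the local segment
]
```

Blocking the MAC observed for the remote host drops every routed sender, while blocking the local host's MAC affects only that host.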