MAC addresses

Jason Opperisano opie at 817west.com
Sun Sep 12 00:23:30 CEST 2004


On Sat, 2004-09-11 at 14:50, Darren Kirby wrote:
> Are MAC addresses unique for all ethernet cards? 

theoretically, yes.

> What I would like to know is 
> could I use this rule to allow ssh connections ONLY from my notebook no 
> matter what its current IP address happens to be, and drop all other 
> connection requests?

yes--as long as "notebook" and "ssh server" are on the same network.

keep in mind--nothing prevents "badguy" from configuring his NIC to have
the same MAC as your "notebook"

if you're worried about security of "ssh server"--disable
PasswordAuthentication and only allow RSAAuthentication and/or
PubkeyAuthentication.

stealing your IP and MAC is much more likely than someone stealing your
private key (hopefully).

you could also create a reservation for your MAC in the DHCP server, and
filter based upon your (now) fixed IP.

-j

-- 
Jason Opperisano <opie at 817west.com>
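
The sshd hardening suggested in the reply above, as an added example that is not part of the original post: a small audit of an sshd_config file for `PasswordAuthentication` and `PubkeyAuthentication`. The function names and the sample configs are constructed for illustration, and only the global section of the file is read.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit the global section of an
# sshd_config for the settings recommended above. sshd uses the FIRST value
# it sees for a keyword, keywords are case-insensitive, and both options
# default to "yes" when absent. Match blocks and Include files are ignored.

# effective_value KEYWORD DEFAULT < config   -> prints the value sshd would use
effective_value() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" -v def="$2" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        { gsub(/=/, " ")                     # "Keyword=value" is also accepted
          key = tolower($1); val = tolower($2) }
        key == "match" { exit }              # global section ends here
        key == want { print val; found = 1; exit }   # first occurrence wins
        END { if (!found) print def }
    '
}

# audit_sshd_config FILE -> prints findings, returns 0 only for key-only login
audit_sshd_config() {
    pw=$(effective_value PasswordAuthentication yes < "$1")
    pk=$(effective_value PubkeyAuthentication yes < "$1")
    rc=0
    [ "$pw" = "no" ]  || { echo "FAIL: PasswordAuthentication is '$pw'"; rc=1; }
    [ "$pk" = "yes" ] || { echo "FAIL: PubkeyAuthentication is '$pk'"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: password login off, public-key login on"
    return "$rc"
}

# Constructed sample configs, written to a temp dir so the demo runs offline.
demo() {
    d=$(mktemp -d)
    # weak: the later "no" is ignored because the first value wins
    printf '%s\n' 'PasswordAuthentication yes' 'passwordauthentication no' > "$d/weak"
    printf '%s\n' '# key-only' 'PubkeyAuthentication yes' \
        'PasswordAuthentication=no' > "$d/hardened"
    for f in weak hardened; do
        echo "== $f"
        audit_sshd_config "$d/$f" || true
    done
    rm -rf "$d"
}
demo
```

On a live host, `sshd -T` prints the effective configuration, including the Match blocks and Include files this parser skips.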



