MAC addresses
Jason Opperisano
opie at 817west.com
Sun Sep 12 00:23:30 CEST 2004
On Sat, 2004-09-11 at 14:50, Darren Kirby wrote:
> Are MAC addresses unique for all ethernet cards?
theoretically, yes.
> What I would like to know is
> could I use this rule to allow ssh connections ONLY from my notebook no
> matter what its current IP address happens to be, and drop all other
> connection requests?
yes--as long as "notebook" and "ssh server" are on the same network.
keep in mind--nothing prevents "badguy" from configuring his NIC to have
the same MAC as your "notebook"
if you're worried about security of "ssh server"--disable
PasswordAuthentication and only allow RSAAuthentication and/or
PubkeyAuthentication.
stealing your IP and MAC is much more likely than someone stealing your
private key (hopefully).
you could also create a reservation for your MAC in the DHCP server, and
filter based upon your (now) fixed IP.
-j
--
Jason Opperisano <opie at 817west.com>
More information about the netfilter
mailing list