[ previous ] [ next ] [ threads ]
 
 From:  "Suraj K. Rai" <surajrai at mac dot com>
 To:  Fred Wright <fw at well dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Static DHCP - MAC Mapping
 Date:  Wed, 25 Jun 2003 08:52:30 +0900
On Wednesday, June 25, 2003, at 08:11  am, Fred Wright wrote:

> On Tue, 24 Jun 2003, Alexandre Gambati wrote:
>
>>   The m0n0wall p12 do Static DHCP mapping.  Can i assing MAC adresses 
>> to
>> specific ip's in order to limit access to network resources?  Users 
>> "Not
>> mapped MAC adress" will be able to access network resources like i-net
>> connection by manual setting of gateway, dns, etc?
>>
>>   There's another way to limit user access by a MAC adress based rule?
>>
>>   I'm thinking of it, due the fragility of WEP feature of WLAN.
>
> You're right to be concerned about WEP, although MAC-based filtering is
> only a marginal improvement since the MAC address is spoofable.  
> Trying to
> use DHCP to turn IP filtering into MAC filtering is even less useful,
> since one can always get around that with a static config.  Filtering
> within the WiFi driver would make more sense, but I don't know if it 
> does
> that.

You could try turning off WEP and using m0n0wall's PPTP vpn server.  
Perhaps a more secure solution?

S.r.