Re: doc question on private network IP allocation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, 2011-10-14 at 18:06 -0700, Paul Allen Newell wrote:
> All I have to do is convince them to do MAC access filter list and
> I'll be happy.

MAC filtering is utterly pointless.  It *cannot* stop someone who wants
to connect, it's completely impossible, because they can easily change
their MAC to be the same as one that you've already allowed.  There is
just no way for it to be able to enforce what you think it will do.

MAC filtering can cause users a lot of grief, because they expect to be
able to connect and only have to supply a password.  So, if they bring
in another computer, they don't understand why they can't connect, and
they're faced with having to reconfigure a device that they don't
understand.  In the meantime, they'll probably do a factory reset on the
router, trying to resolve the problem, and end up turning off *all*
security (the default settings of most home modem/routers; and it's
commonly the default action of a clueless user trying to allow
something, to go ahead and allow everything, and leave it that way).

Broken networking does not equal more secure networking.  And it's a
trivial matter for someone only slightly clueful to configure their
computer to connect to a network (i.e. an untrustworthy person), there
are hacking tools designed for the idiot hacker to play with.  It may
not be a trivial matter for someone who just doesn't understand anything
to do with networking (i.e. the normal users of the network) to figure
out what to do with it, who aren't going to try to research how to hack
their network.

It's a waste of time to set up a MAC filter, and it's a further waste of
time to have to fiddle with things to let a new computer connect up.

The only use I'll make of the MAC addresses is for programming a DHCP
server, so that particular computers always gets given the same IPs.  It
makes various networking things, particularly Windows SMB, much easier
to cope with when their IPs are always the same.

-- 
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.



-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux