On Sat, 2011-10-15 at 09:14 -0600, Greg Woods wrote: > We use it on *wired* networks, primarily to prevent visitors whose > laptops have not been properly vetted (and may be crawling with > malware) from connecting to our internal network. It is not expected > to keep out serious bad guys. Like most security measures, the > effectiveness is measured against what you are trying to accomplish, > not against whether it succeeds in giving you unbreakable security. Well, in the case of MAC filtering, it's nothing to do with "security." It's merely closing an unlocked door in someone's face. Useful in a lab with multiple networks, to provoke someone into unplugging from the wrong socket and using the other one. But ultimately unable to actually prevent anything. Even what you're thinking of... It's all the other computers you'd need to implement MAC filtering on, to even attempt it, not filtering on a central server. A computer can still spew forth stuff onto a network its plugged into, even if it's not really joining in your network (in the sense of your server accepting it). -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
