Hello, I am wondering if MAC Authentication can ever be secure on a wired network? From what I thought, it would not matter what kind of switch or setup you had, as you could DOS the computer and take its MAC address? But someone has said that even if a computer is off it still has a link.

Could someone clarify on this?

Thanks,
J

what exactly do you need clarified?

yes, you can find out a MAC by simply pinging the IP
yes, a MAC can easily be spoofed
yes, some NICs have a link, even while the PC is off, it is used for WoL functions

I want to know if MAC authentication can be secure on a wired network. Is it dependent on the switch? Is it good enough that someone would have to come and physically unplug the machine, or can it actually be DOS'd and spoofed?

MAC auth is transferred in clear text, so the MAC can easily be intercepted, or sniffed directly, and spoofing a MAC is very easy

what exactly are you trying to make secure?

I am not trying to make anything secure, I am asking about the technology.

I know MAC Auth is transferred in clear text, and it can be spoofed, but from what I have been told, with the right switch, you will not be able to assume an already used MAC address unless the computer is unplugged. Is this true or untrue, and does it depend on the switch?

let me repeat myself - MAC authentication is not secure. in order to make it secure, you need to make the MAC encrypted, and for that, since you are encrypting, there is no need to auth by MAC - public/private key mechanism is enough.

as for what you described, how exactly will that make MAC authentication more secure?

Because if there is a switch which keeps a link to a computer even when turned off and will not allow for the MAC address to be assumed. It is only secure for authentication, and not if hardware can be accessed.

and if you have to move the system to another port, what then?

also, the ports are identified by their MACs, what will stop the hacker from spoofing the port MAC?

Ever hear of ARP poisoning? I can assume any MAC on any network I want to, regardless of whether a machine is off or on, and I can make every other device on that network believe I'm the real thing.

The short answer to your question is YES, but not the way you were thinking. Establish static ARPs in your environment (no, I'm not going to explain how - use Google) and that should do a fairly good job for starters.
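An added example, not part of the original thread: a small audit that compares observed IP/MAC/port sightings against a static binding table, the kind of check that goes with the static ARP and port-binding ideas discussed above. All addresses, port names and observations are constructed, and the function names are hypothetical.

```python
# Added example (not from the thread). Every address, port and record here is constructed.

# Static bindings an administrator maintains: IP -> (MAC, switch port).
STATIC_BINDINGS = {
    "10.0.0.10": ("00:11:22:33:44:55", "Gi0/1"),
    "10.0.0.11": ("00:11:22:33:44:66", "Gi0/2"),
}

# Constructed sightings, e.g. merged from ARP and switch MAC tables: (time, ip, mac, port).
OBSERVATIONS = [
    (1, "10.0.0.10", "00:11:22:33:44:55", "Gi0/1"),  # matches its binding
    (2, "10.0.0.11", "00:11:22:33:44:66", "Gi0/2"),  # matches its binding
    (3, "10.0.0.10", "00:11:22:33:44:66", "Gi0/2"),  # IP answered by another host's MAC
    (4, "10.0.0.11", "00-11-22-33-44-66", "Gi0/7"),  # bound MAC seen on a different port
    (5, "10.0.0.12", "00:11:22:33:44:77", "Gi0/3"),  # IP with no binding at all
]


def normalize_mac(mac):
    """Return a MAC as lowercase colon-separated hex, accepting ':', '-' or '.' forms."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit(observations, bindings):
    """Return (time, kind, ip, mac, port) for every sighting that violates a binding."""
    findings = []
    for ts, ip, mac, port in observations:
        mac = normalize_mac(mac)
        if ip not in bindings:
            findings.append((ts, "unknown-ip", ip, mac, port))
            continue
        want_mac, want_port = bindings[ip]
        if mac != normalize_mac(want_mac):
            # The IP is being claimed by a MAC other than the bound one.
            findings.append((ts, "mac-mismatch", ip, mac, port))
        elif port != want_port:
            # Right MAC, wrong port: a moved machine or a copied address.
            findings.append((ts, "port-mismatch", ip, mac, port))
    return findings


if __name__ == "__main__":
    for finding in audit(OBSERVATIONS, STATIC_BINDINGS):
        print(finding)
```

A port-mismatch finding cannot tell a legitimately relocated machine from a copied address, so it needs a human check against change records.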
