Hi everyone.... I was interested in limiting my home network to only a few specific mac addresses, but the ease of spoofing a mac address got me thinking... If I were to make a simple program that sends out a message/probe from each computer and expects a response from others on the network ----> PROVIDED that the probe/response routine was not predictable (at least easily) ---> couldn't that be a simple way to verify the MAC/IP is who you think it is, so that when you don't get the required response, the BAN hammer drops on that MAC for a period of time....
ASSUMING I can make a relatively unpredictable probe/response so it isn't easily faked, does this sound like a reasonable way to ensure no spoofed addresses on my network ?

Thanks for any comments!!
(P.S. At least I wasn't asking for ideas for a thesis, right? ;p)

-John

Curious how you would get this to work. Spoofing a MAC changes the MAC address that is printed on each packet coming from the computer. You would need another piece of ID to identify each machine it would seem.

Sorry, I probably garbled the idea in my explanation... Firstly, the router is set up to give a set IP to known MAC's and deny all other connections. So, someone needs to spoof a mac to get on. BUT, the whole idea of this program is that this is a seperate and ongoing authentication. For example, each LEGITIMATE computer of mine will send out encrypted data over the broadcast address. This data is partially junk/filler but SOMETIMES it will contain instruction for a particular OTHER computer of mine to respond (or else get the boot, albeit temporarily). The exact implementation isn't decided yet but I'm trying to make it so it would be hard for a computer posing as one of mine on the network (with spoofed MAC/IP) to respond properly, or for that matter, to know if/when some of that broadcasted data was addressed to it, because I will use my own, probably constantly morphing trigger data to alert a particular computer to respond. Since each computer on the network will have the same basic program running there is no hierarchy or central authenticator to mess with, and any legitimate computer that is crashed and spoofed will not respond to the remaining legitimate computers properly, and will therefore will have it's MAC banned from the network for a period of time (ASSUMING my program hasn't been compromised and run on the intruding computer to produce the correct responses). Kind of a way of actively and continuously forcing an authentication of sorts which is totally independant of MAC or IP. I guess you could say the authentication is solely based on "is it running my program or not". If not, ban!!!!

I hope that makes some more sense this time ;p

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.