doc question on private network IP allocation

Tim ignored_mailbox at yahoo.com.au
Sat Oct 15 19:57:09 UTC 2011


On Sat, 2011-10-15 at 09:14 -0600, Greg Woods wrote:
> We use it on *wired* networks, primarily to prevent visitors whose
> laptops have not been properly vetted (and may be crawling with
> malware) from connecting to our internal network. It is not expected
> to keep out serious bad guys. Like most security measures, the
> effectiveness is measured against what you are trying to accomplish,
> not against whether it succeeds in giving you unbreakable security.

Well, in the case of MAC filtering, it's nothing to do with "security."
It's merely closing an unlocked door in someone's face.

Useful in a lab with multiple networks, to provoke someone into
unplugging from the wrong socket and using the other one.  But
ultimately unable to actually prevent anything.  Even what you're
thinking of...

It's all the other computers you'd need to implement MAC filtering on,
to even attempt it, not filtering on a central server.  A computer can
still spew forth stuff onto a network it's plugged into, even if it's not
really joining in your network (in the sense of your server accepting
it).

-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.
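
The point above, that a machine plugged into the segment is present on the wire whether or not a central server accepts it, can be checked from any monitoring host. The following is an added example, not part of the original thread: it parses text in the format printed by `ip neigh show` and reports neighbours whose MAC is not on a vetted list. The allowlist, the addresses and the function names are constructed for illustration.

```python
import re

# Constructed allowlist of vetted MAC addresses (assumption, not from the thread).
ALLOWED = {"00:16:3e:aa:bb:01", "00:16:3e:aa:bb:02"}

# Constructed sample in the format printed by `ip neigh show`.
SAMPLE = """\
192.168.1.10 dev eth0 lladdr 00:16:3e:aa:bb:01 REACHABLE
192.168.1.11 dev eth0 lladdr 00:16:3E:AA:BB:02 STALE
192.168.1.57 dev eth0 lladdr 3c:97:0e:12:34:56 STALE
192.168.1.58 dev eth0  FAILED
192.168.1.99 dev eth0 lladdr 02:00:5e:10:20:30 DELAY
"""

# Entries without a resolved link-layer address (FAILED/INCOMPLETE) do not match.
ENTRY = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9A-Fa-f:]{17})\b")


def locally_administered(mac):
    """True if the locally-administered bit (0x02 of the first octet) is set,
    i.e. the address was assigned in software rather than burned in."""
    return bool(int(mac[:2], 16) & 0x02)


def unvetted_neighbors(neigh_text, allowed):
    """Return (ip, device, mac, locally_administered) for every neighbour
    the kernel has learned whose MAC is not on the allowlist."""
    allowed = {m.lower() for m in allowed}
    findings = []
    for line in neigh_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue
        ip, dev, mac = match.groups()
        mac = mac.lower()  # compare case-insensitively
        if mac not in allowed:
            findings.append((ip, dev, mac, locally_administered(mac)))
    return findings


if __name__ == "__main__":
    for ip, dev, mac, local in unvetted_neighbors(SAMPLE, ALLOWED):
        note = " (locally administered)" if local else ""
        print(f"unvetted host on {dev}: {ip} {mac}{note}")
```

This only lists hosts the monitoring machine has exchanged traffic with, and a match against the allowlist is not proof of identity, since the address is whatever the sending host puts in its frames.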




