doc question on private network IP allocation

Tim ignored_mailbox at yahoo.com.au
Sat Oct 15 11:11:44 UTC 2011


On Fri, 2011-10-14 at 18:06 -0700, Paul Allen Newell wrote:
> All I have to do is convince them to do MAC access filter list and
> I'll be happy.

MAC filtering is utterly pointless.  It *cannot* stop someone who wants
to connect, it's completely impossible, because they can easily change
their MAC to be the same as one that you've already allowed.  There is
just no way for it to be able to enforce what you think it will do.

MAC filtering can cause users a lot of grief, because they expect to be
able to connect and only have to supply a password.  So, if they bring
in another computer, they don't understand why they can't connect, and
they're faced with having to reconfigure a device that they don't
understand.  In the meantime, they'll probably do a factory reset on the
router, trying to resolve the problem, and end up turning off *all*
security (the default settings of most home modem/routers; and it's
commonly the default action of a clueless user trying to allow
something, to go ahead and allow everything, and leave it that way).

Broken networking does not equal more secure networking.  And it's a
trivial matter for someone only slightly clueful to configure their
computer to connect to a network (i.e. an untrustworthy person), there
are hacking tools designed for the idiot hacker to play with.  It may
not be a trivial matter for someone who just doesn't understand anything
to do with networking (i.e. the normal users of the network) to figure
out what to do with it, who aren't going to try to research how to hack
their network.

It's a waste of time to set up a MAC filter, and it's a further waste of
time to have to fiddle with things to let a new computer connect up.

The only use I'll make of the MAC addresses is for programming a DHCP
server, so that particular computers always get given the same IPs.  It
makes various networking things, particularly Windows SMB, much easier
to cope with when their IPs are always the same.

-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.
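
The DHCP use of MAC addresses mentioned in the message above, as an added example that is not part of the original post: a script that turns a MAC-to-IP inventory into fixed-address reservations and flags entries that would conflict. It assumes ISC dhcpd `host` syntax (the post does not name a DHCP server); the function name, host names, addresses and pool range are constructed for illustration.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

def build_reservations(inventory, subnet, pool_start, pool_end):
    """Return (dhcpd_conf_text, problems) for a {name: (mac, ip)} inventory."""
    net = ipaddress.ip_network(subnet)
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    seen_mac, seen_ip, stanzas, problems = {}, {}, [], []
    for name, (mac, ip) in inventory.items():
        mac = mac.lower().replace("-", ":")   # accept Windows-style dashes
        if not MAC_RE.match(mac):
            problems.append(f"{name}: malformed MAC {mac!r}")
            continue
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            problems.append(f"{name}: {ip} is outside {subnet}")
        elif lo <= addr <= hi:
            # A reservation inside the dynamic range can collide with a lease.
            problems.append(f"{name}: {ip} is inside the dynamic pool")
        elif mac in seen_mac:
            problems.append(f"{name}: MAC already reserved for {seen_mac[mac]}")
        elif addr in seen_ip:
            problems.append(f"{name}: {ip} already reserved for {seen_ip[addr]}")
        else:
            seen_mac[mac], seen_ip[addr] = name, name
            stanzas.append(
                f"host {name} {{\n"
                f"    hardware ethernet {mac};\n"
                f"    fixed-address {ip};\n"
                f"}}"
            )
    return "\n".join(stanzas), problems

# Constructed sample inventory (values are illustrative, not from the post).
INVENTORY = {
    "fileserver": ("00:16:3E:00:00:01", "192.168.1.10"),
    "winbox":     ("00-16-3e-00-00-02", "192.168.1.11"),
    "laptop":     ("00:16:3e:00:00:02", "192.168.1.12"),   # same MAC as winbox
    "printer":    ("00:16:3e:00:00:03", "192.168.1.150"),  # inside the pool
}

if __name__ == "__main__":
    conf, problems = build_reservations(
        INVENTORY, "192.168.1.0/24", "192.168.1.100", "192.168.1.200")
    print(conf)
    for p in problems:
        print("WARNING:", p)
```

The reservation only decides which address a given MAC is offered; it does not authenticate the machine presenting that MAC.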




