doc question on private network IP allocation

Alan Cox alan at
Sun Oct 16 15:10:24 UTC 2011

> Well, in the case of MAC filtering, it's nothing to do with "security."
> It's merely closing an unlocked door in someone's face.

No.. security is not a boolean. MAC filtering is very useful for stopping
inadvertent plugging in of the wrong system. It helps prevent accidents
and unsafe systems bridging networks or ending up on the 'wrong side of
the fence' where you have secure and insecure networks.

It's not a tool to prevent deliberate attack by users, and its not 100%
effective against a very careful attacker but tht doesn't make it nothing
to do with security.

> to even attempt it, not filtering on a central server.  A computer can
> still spew forth stuff onto a network its plugged into, even if it's not
> really joining in your network (in the sense of your server accepting
> it).

If you have physical access to a LAN port you can wire it to the mains
electricity supply. It all depends on your threat model and what you
entire in depth security arrangements are.


More information about the users mailing list