doc question on private network IP allocation

Tim ignored_mailbox at
Mon Oct 17 08:22:58 UTC 2011

>> Well, in the case of MAC filtering, it's nothing to do with
>> "security." It's merely closing an unlocked door in someone's face.

Alan Cox
> No.. security is not a boolean. MAC filtering is very useful for
> stopping inadvertent plugging in of the wrong system. It helps prevent
> accidents and unsafe systems bridging networks or ending up on the
> 'wrong side of the fence' where you have secure and insecure networks.
> It's not a tool to prevent deliberate attack by users, and its not
> 100% effective against a very careful attacker but tht doesn't make it
> nothing to do with security.

I'd say the fact that it *cannot* be used to "secure" a system, means
that it does have nothing to do with security.  There is no way, shape,
or form, that you can enforce security using MAC filtering.

Yes, it can be useful in basic network management, but that's not
security.  I stand by my analogy, that's all the effect it has.

Turning the power off to the VDU may make it harder for me to mess up
your computer, but it's *not* securing it.  There's a whole pile of
things that may be small obstacles, but none of them are security.

[tim at localhost ~]$ uname -r

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.

More information about the users mailing list