doc question on private network IP allocation

Reindl Harald h.reindl at
Mon Oct 17 08:32:55 UTC 2011

Am 17.10.2011 10:22, schrieb Tim:
> Tim:
>>> Well, in the case of MAC filtering, it's nothing to do with
>>> "security." It's merely closing an unlocked door in someone's face.
> Alan Cox
>> No.. security is not a boolean. MAC filtering is very useful for
>> stopping inadvertent plugging in of the wrong system. It helps prevent
>> accidents and unsafe systems bridging networks or ending up on the
>> 'wrong side of the fence' where you have secure and insecure networks.
>> It's not a tool to prevent deliberate attack by users, and its not
>> 100% effective against a very careful attacker but tht doesn't make it
>> nothing to do with security.
> I'd say the fact that it *cannot* be used to "secure" a system, means
> that it does have nothing to do with security.  There is no way, shape,
> or form, that you can enforce security using MAC filtering

your understanding of security is simply broken

security is always a bundle of preventions and not a single thing
MAC filter is not thought as the only security layer
it is an additional one in a multiple secured network

it prevents 90% of all users out there to connect and if you
get only one of them in your network with malicious software
on it this one can not send spam over his zombies

all the little pieces and optimizations in summary give you
security, not any single configuration alone

if you have 5 easy to break security barriers in front you make it
real hard for most people without enough knowledge of all these
barrieres to break them all - nobody said these are the only
preventions - these are ADDITIONAL ONES

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
Url : 

More information about the users mailing list