Subject: Re: NFS/net security
To: David Wetzel <dave@turbocat.de>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: netbsd-help
Date: 05/11/2001 20:25:30
On Fri, May 11, 2001 at 05:32:28PM +0200, David Wetzel wrote:
> Hi folks,
>
> imagine you have a network with an NFS server "NSFS" and some clients "C1 ... Cn".
> All machines use static IPs.
>
> Imagine that someone unplugs C2 and puts in another computer with the same IP.
> The intruder could "su" to any user id and would have access to all data.
>
> Is there a way to store the MAC addresses that belong to a client, and if that MAC address changes, the client would be disabled?

You can enter static ARP entries on the server; that should do what you want.
Depending on your network hardware you may also be able to do this at network
level (hardwire Ethernet addr to switch ports).
But it's really not difficult to change the MAC addr of a machine; 3Com even
provides a tool to do this.
--
Manuel Bouyer <bouyer@antioche.eu.org>
--
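
The server-side check suggested in the reply (static ARP entries for each client), as an added example that is not part of the original message: a shell function that compares saved `arp -an` output with a pinned IP/MAC list and reports changed, non-static or missing entries. The pin file format, the BSD-style `arp -an` line layout, the function names `check_arp` and `sample_report`, and all addresses are assumptions or constructed sample data.

```sh
# Added example, not from the original thread. Assumes BSD-style
# `arp -an` lines of the form: ? (IP) at MAC on IFACE [permanent]

# check_arp PINS ARP_DUMP
#   PINS: "IP MAC" per line; ARP_DUMP: saved `arp -an` output.
#   Prints one line per problem and returns 1 if any were found.
check_arp() {
    awk '
        function norm(m,   n, a, i, out) {  # 0:a0:24 -> 00:a0:24, lowercase
            n = split(tolower(m), a, ":")
            for (i = 1; i <= n; i++)
                out = out (i > 1 ? ":" : "") (length(a[i]) == 1 ? "0" a[i] : a[i])
            return out
        }
        NR == FNR { if ($1 !~ /^#/ && NF >= 2) pin[$1] = norm($2); next }
        $3 == "at" {
            ip = $2; gsub(/[()]/, "", ip)
            if (!(ip in pin)) next          # not one of the pinned clients
            seen[ip] = 1
            if (norm($4) != pin[ip]) {
                print "MISMATCH", ip, "expected", pin[ip], "got", norm($4); bad = 1
            } else if ($0 !~ / permanent/) {
                print "NOT-STATIC", ip; bad = 1  # dynamic entry, can be replaced
            }
        }
        END {
            for (ip in pin) if (!(ip in seen)) { print "MISSING", ip; bad = 1 }
            exit bad
        }
    ' "$1" "$2"
}

# Constructed sample data: three pinned clients, one answering with a
# different MAC and one whose entry matches but is not static.
sample_report() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/pins" <<'EOF'
192.0.2.11  00:00:5e:00:53:01
192.0.2.12  00:00:5e:00:53:02
192.0.2.13  00:00:5e:00:53:03
EOF
    cat > "$dir/arp" <<'EOF'
? (192.0.2.11) at 0:0:5e:0:53:1 on ex0 permanent
? (192.0.2.12) at 00:00:5e:00:53:aa on ex0 permanent
? (192.0.2.13) at 00:00:5e:00:53:03 on ex0
EOF
    rc=0; check_arp "$dir/pins" "$dir/arp" || rc=$?
    rm -rf "$dir"
    return "$rc"
}
```

A clean result only shows that the pinned entries are unchanged; as the reply points out, a MAC address is easy to change, so this catches swapped hardware rather than proving a client's identity.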