MAC Address

vortex vortex at free2air.net
Sat Oct 19 03:46:46 EST 2002


On Friday 18 October 2002 7:16 am, Alex Satrapa wrote:
> On Friday, October 18, 2002, at 03:26 , ht lee wrote:
[snip]
> So if you modify the MAC addresses of all your machines to some range
> that is privately known to your company, you can avoid these issues.
> Having "corporate standard" MAC ranges also makes it easier to detect
> which network devices are not company issue.
>
> There are many other legitimate reasons why you'd want to change the MAC
> address.

The above reason, security through obscurity, is never legitimate. A script 
kiddie would just try all known exploits regardless. Examine the cost of 
management of such a corporate MAC standard, and you would quickly agree. 
There are far cheaper alternative controls to contain such risks.

> By making MAC address mangling easy, the suppliers are also reminding
> people not to rely on MAC addresses for security (whether they intended
> to do so or not is a different question).

Agreed. But I suspect they offer the facility just for flexibility, including 
cold standby replacements that require identical MAC address, because of 
stange software licence binding or complex network ACL topologies.

shine,

.vortex




More information about the wireless mailing list