Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
878
Views
0
Helpful
3
Replies

IP Spoofing

travis-dennis_2
Level 7
Level 7

‎08-29-2001 02:00 PM - edited ‎03-08-2019 08:39 PM

I know it is very easy to spoof an IP address from the outside of a network. How hard is it to spoof a MAC address or when you spoof the IP address are you spoofing the MAC address as well? I want to set up my 3524 switches to only allow specified MAC addresses through. The logistics are not a problem as we are a smaller company. I want to know would I be wasting my time gathering the MAC addresses and putting them in the switches if the MAC addresses can be as easily spoofed as an IP address.

Labels:
0 Helpful
3 Replies 3

scothrel
Level 3
Level 3

‎08-29-2001 06:13 PM

MAC addresses can be as easily spoofed as IP, but the MAC address is rewritten for each link, unlike the IP addresses which are preserved end-to-end. So the spoofed MAC is only spoofed for the segment that its injected on, after that the packet is re-written by the networking gear (except for hubs, which are just backbones in a box).

Does this answer your question?

SC

0 Helpful

travis-dennis_2
Level 7
Level 7
In response to scothrel

‎08-29-2001 06:28 PM

I think it does. What your anwswer boils down to is that once the initial MAC address is spoofed it is a moot point because the switch would rewrite the packet with it's own MAC address and pass the packet along anyway therby bypassing any access list set up on the switch to stop unlisted MAC addresses from getting forwarded. Is this correct? If so, is there anyway to effectively stop an unauthorized packet at the switch level?

0 Helpful

scothrel
Level 3
Level 3
In response to travis-dennis_2

‎08-30-2001 06:44 AM

Yes, there is a way to do this. On the Catalyst 6XXX series (and I'm pretty sure its on other Cisco

switches like the 2900 series) you are looking for the "set port security ..." feature. I'll be the first to admit that I've never used the functionality, I just know that it exists, so check your documentation. It is supposed to allow you to configure some number of MAC addresses as "secure" or allowed on a port. My understanding is that if you hook up a device or spoof a MAC not on the allowed list for that port, the switch can disable the port. There is also some mode called "restricted" that I haven't a clue about...this stuff wasn't part of the CCNA exam ;-).

Hope this gives you a pointer to what you need...

SC

0 Helpful
Customers Also Viewed These Support Documents