Operating System - HP-UX

MAC Address Restriction access to HP/UX?

 
SOLVED
rmueller58
Valued Contributor

MAC Address Restriction access to HP/UX?

I am curious if there is a way on HP/UX to restrict access to our HP/UX box by allowing only particular MAC addresses. I realize there is HOST.DENY, ALLOW via IP, but because of DHCP at some of our school districts, IP management is out of our control. However, if we could get the MAC address, this may help us to isolate people from accessing via the wireless non-authenticated "issues".

Perhaps AAA or radius on HP/UX?

Any thoughts appreciated.

8 REPLIES
Steven E. Protter
Exalted Contributor
Solution

Re: MAC Address Restriction access to HP/UX?

Shalom,

Maybe the ipfilter firewall permits this.

Radius has been ported to HP-UX but I don't know if it will help.

http://software.hp.com
search for ipfilter
docs at http://docs.hp.com

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Heironimus
Honored Contributor

Re: MAC Address Restriction access to HP/UX?

This is really not a viable solution to your problem. You cannot depend on getting the original host's MAC address if the connection crosses any network boundaries. Besides, you can easily change the MAC address an interface uses on most platforms.
Tim Nelson
Honored Contributor

Re: MAC Address Restriction access to HP/UX?

I am not a network expert, but once you are past the router, MAC addresses cease to exist.

An arp -a will never show a MAC from another subnet.
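
The point made in the replies above (the server only learns MAC addresses for hosts on its own subnet, and routed clients all arrive behind the router's MAC), as an added example that is not part of any post in this thread. The ARP listing, subnet, gateway and client addresses are constructed, and the "host (ip) at mac" line layout is an assumption about the `arp -a` output format.

```python
import ipaddress
import re

# Constructed sample in the common "host (ip) at mac" arp -a layout; the exact
# layout on a given HP-UX release is an assumption.
SAMPLE_ARP = """\
gw.example (10.1.1.1) at 0:10:83:aa:bb:1 ether
lab-pc (10.1.1.57) at 0:30:6e:12:34:56 ether
printer (10.1.1.90) at (incomplete)
"""
SERVER_NET = ipaddress.ip_network("10.1.1.0/24")  # constructed server subnet
GATEWAY_IP = ipaddress.ip_address("10.1.1.1")     # constructed default router

ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-fA-F:]+)\b")

def normalize_mac(mac):
    """Pad each octet so 0:10:83:aa:bb:1 equals 00:10:83:aa:bb:01."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def parse_arp(text):
    """Map IP -> MAC for resolved entries; '(incomplete)' lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[ipaddress.ip_address(m["ip"])] = normalize_mac(m["mac"])
    return table

def l2_source_seen_by_server(client_ip, arp_table):
    """Return (mac, kind) for the frame source the server sees for client_ip."""
    ip = ipaddress.ip_address(client_ip)
    if ip in SERVER_NET:
        mac = arp_table.get(ip)
        return (mac, "client" if mac else "unresolved")
    # Off-subnet traffic is re-framed by the router: only its MAC is visible.
    return (arp_table.get(GATEWAY_IP), "gateway")

def audit(clients, arp_table):
    """Classify each client IP by whose MAC the server can actually observe."""
    return {c: l2_source_seen_by_server(c, arp_table) for c in clients}

if __name__ == "__main__":
    clients = ["10.1.1.57", "172.16.40.12", "172.16.40.200", "10.1.1.90"]
    for ip, (mac, kind) in audit(clients, parse_arp(SAMPLE_ARP)).items():
        print(f"{ip:15} {kind:10} {mac}")
```

Both routed clients resolve to the same gateway MAC, so a MAC allowlist on the server either blocks every routed client or, once the gateway's MAC is allowed, admits everyone behind that router.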



VK2COT
Honored Contributor

Re: MAC Address Restriction access to HP/UX?

Hello,

Firstly, MAC addresses are easy to forge.
May I (very politely) draw your attention
to a good reference titled
"The six dumbest ways to secure a wireless LAN":

http://blogs.zdnet.com/Ou/index.php?p=43

Things get even worse:

I work for customers who do not allow
ICMP. We cannot even ping the
default gateway. Hence, classical
tools like ping, traceroute and arp
are useless.

If you still want to use MAC addresses,
one of the possibilities is to design
a secure wireless LAN with the HP-UX AAA RADIUS Server.

Cheers,

VK2COT
VK2COT - Dusan Baljevic
VK2COT
Honored Contributor

Re: MAC Address Restriction access to HP/UX?

... and a short summary on how to
change MAC address in Windows XP,
Vista, Server 2003/2008, MacOS, Unix,
and Linux:

http://www.mydigitallife.info/2008/06/30/how-to-change-or-spoof-mac-address-in-windows-xp-vista-server-20032008-mac-os-x-unix-and-linux/

VK2COT
VK2COT - Dusan Baljevic
Deepak Kr
Respected Contributor

Re: MAC Address Restriction access to HP/UX?

It's a good idea, but even a MAC address can be forged easily, so it cannot guarantee either.

A good way is to use IPFilter at the IP level for more options.

Regds,
Deepak
"There is always some scope for improvement"
rmueller58
Valued Contributor

Re: MAC Address Restriction access to HP/UX?

Thanks all, I will do a bit more research on the things mentioned.

rmueller58
Valued Contributor

Re: MAC Address Restriction access to HP/UX?

I will take these things into consideration and pass the info on to the Network Gods. I don't think I can do much on my HP/UX box to handle it effectively without a retrofit.