HPE Community
Operating System - HP-UX
1836579 Members
1643 Online
110102 Solutions
New Discussion

MAC Address Restriction access to HP/UX?

 
SOLVED
Go to solution
rmueller58
Valued Contributor

‎08-06-2008 08:10 AM

‎08-06-2008 08:10 AM

MAC Address Restriction access to HP/UX?

I am curious if there is a way on HP/UX to restrict access to our HP/UX box via allowing only particular MAC address. I realize there is HOST.DENY, ALLOW via IP, but because of DHCP at some of our school districts, ip management is out of our control, however if we could get the MAC address this may help us to isolate people from accessing via the wireless non authenticated "issues".

Perhaps AAA or radius on HP/UX?

any thoughts appreciated.

0 Kudos
8 REPLIES 8
Steven E. Protter
Exalted Contributor

‎08-06-2008 09:43 AM

‎08-06-2008 09:43 AM

Solution

Re: MAC Address Restriction access to HP/UX?

Shalom,

Maybe the ipfilter firewall permits this.

Radius has been ported to HP-UX but I don't know if it will help.

http://software.hp.com
search for ipfilter
docs at http://docs.hp.com

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Heironimus
Honored Contributor

‎08-06-2008 09:50 AM

‎08-06-2008 09:50 AM

Re: MAC Address Restriction access to HP/UX?

This is really not a viable solution to your problem. You can not depend on getting the original host's MAC address if the connection crosses any network boundaries. Besides, you can easily change the MAC address an interface uses on most platforms.
0 Kudos
Tim Nelson
Honored Contributor

‎08-06-2008 10:53 AM

‎08-06-2008 10:53 AM

Re: MAC Address Restriction access to HP/UX?

I am not a network expert but once you are past the router MAC addresses cease to exist.


an arp -a will never show a MAC from another subnet.



0 Kudos
VK2COT
Honored Contributor

‎08-07-2008 02:01 AM

‎08-07-2008 02:01 AM

Re: MAC Address Restriction access to HP/UX?

Hello,

Firstly, MAC addresses are easy to forge.
May I (very politely) draw your attention
to a good reference titled
"The six dumbest ways to secure a wireless LAN":

http://blogs.zdnet.com/Ou/index.php?p=43

Things get even worse:

I work for customers who do not allow
ICMP. We cannot even ping the
default gateway. hence, classical
tools like ping, traceroute and arp
are useless.

If you still want to use MAC addresses,
one of the possibilities is to design
secure wireless LAN with the HP-UX AAA RADIUS Server.

Cheers,

VK2COT
VK2COT - Dusan Baljevic
0 Kudos
VK2COT
Honored Contributor

‎08-07-2008 02:12 AM

‎08-07-2008 02:12 AM

Re: MAC Address Restriction access to HP/UX?

... and short summary on how to
change MAC address in Windows XP,
Vista, Server 2003/2008, MacOS, Unix,
and Linux:

http://www.mydigitallife.info/2008/06/30/how-to-change-or-spoof-mac-address-in-windows-xp-vista-server-20032008-mac-os-x-unix-and-linux/

VK2COT
VK2COT - Dusan Baljevic
0 Kudos
Deepak Kr
Respected Contributor

‎08-07-2008 04:43 AM

‎08-07-2008 04:43 AM

Re: MAC Address Restriction access to HP/UX?

Its a good idea but even MAC Addr can be forged easily so can not gurantee either.

Good way is to use IPFilter at IP Level for more options.

Regds,
Deepak
"There is always some scope for improvement"
0 Kudos
rmueller58
Valued Contributor

‎08-07-2008 06:00 AM

‎08-07-2008 06:00 AM

Re: MAC Address Restriction access to HP/UX?

Thanks All, I will do a bit more research on the things mentioned..

0 Kudos
rmueller58
Valued Contributor

‎08-07-2008 06:29 AM

‎08-07-2008 06:29 AM

Re: MAC Address Restriction access to HP/UX?

I will take these things into consideration and pass the info on to the Network Gods, I don't think I can do much on my Hp/Ux box to handle it effectively without a retrofit.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.