LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page how to use IPtables for preventing of Mac spoofing?
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-28-2016, 02:28 AM   #1
massy
Member
 
Registered: Nov 2013
Distribution: CentOS 6.4
Posts: 209
Blog Entries: 1

Rep: Reputation: Disabled
how to use IPtables for preventing of Mac spoofing?

What is the command for preventing Mac spoofing in iptables?
 
Old 12-28-2016, 04:24 AM   #2
cliffordw
Member
 
Registered: Jan 2012
Location: South Africa
Posts: 509

Rep: Reputation: 203Reputation: 203Reputation: 203
Hi there, and welcome!

I'm not aware of a way for iptables to detect MAC spoofing. You can do some filtering based on MAC addresses, so you could create rules to allow only known MACs, or only allow specific IP/MAC combinations. That won't stop someone from cloning both the MAC and IP of another device, though, and there is no way for iptables to detect that.

If you want to detect MAC spoofing, you most likely need to profile the machines you're connecting to at a higher level, by looking at things like what OS a device is running, which user is connecting from there, at what times it is connecting, etc. Analysing this data might help you find spoofed addresses, which you can then try and block.

You might also want to consider using a static ARP table - see https://www.linuxquestions.org/quest...-rules-382174/.

The Linux kernel rp_filter settings might also add a degree of protection - see http://www.slashroot.in/linux-kernel...path-filtering.

Lastly, depending on your setup, you might also want to look at "ebtables".

I hope this helps.

Regards,

Clifford
 
1 members found this post helpful.
Old 12-28-2016, 11:52 PM   #3
pingu_penguin
Member
 
Registered: Aug 2004
Location: pune
Distribution: Slackware
Posts: 349

Rep: Reputation: 60
If you use a small network, try using static arp tables.

Add some specific trusted ips with their mac addresses.

That way your arp tables wont be updated by the spoofer.

I can not say about large networks since it will be difficult to add ips all the time.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
MAC spoofing rob.rice Linux - Networking 6 10-09-2014 12:50 PM
Preventing IP spoofing using ip tables. manhtuan307 Linux - Security 4 05-16-2010 03:49 AM
Kubunt 7.10 mac spoofing lordrayden75 Linux - Networking 2 02-17-2008 03:33 AM
MAC Destination Spoofing outspoken Linux - Networking 4 04-06-2005 10:47 AM
Preventing IP Spoofing through IPTABLES bkankur Linux - Security 8 02-27-2005 07:13 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:54 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration