Unique ID of machine, other than IP-Addr/MAC-Addr to prevent spoofing
Hi All,
I have some computers along with a server which binds the IP address to the machine's MAC address; the idea was to force each machine to use only the assigned IP address to access the LAN and Internet. As it is also possible to change the MAC address of a machine, one can do spoofing. Is there something else which is unique to every machine and can be used to bind with the IP address? Regards, Anupam |
A physical port on the router, maybe.
|
Nmap can do OS fingerprinting to give you an idea of each PC.
|
Nmap can be used to infer the remote machine's OS; it is based on a remote device's responses to specific packets.
I'm not sure whether this information is 'unique' for machines. Can we use nmap to get something like 'BIOS String ID' or 'Hard Drive's unique serial number'? And is it possible to change these values? |
You know, if you apply such methods, then you are probably expecting some kind of "hackish" users that may give you a headache, and you probably won't solve the problem the way you are trying to solve it now.
It would be better if you actually provided some more information about what you are really trying to do, so people here can advise you on something closer to an actual solution to the problem. |
Setup is like this...
A machine can contact the DHCP server to get the IP address corresponding to its MAC address. After getting the IP, it goes to the Internet via a gateway; the gateway is supposed to check whether this 'IP plus MAC combination' is right or not, and only then allow/deny the packets to go outside. As this binding is based on the MAC address, if a user changes his MAC address then he will be allotted a different IP address (which has been given to another user), OR he can statically assign a different 'IP plus MAC combination'. Of course it seems "hackish" :) ...., but I just want to make sure that the machines are using only the allotted IP addresses. That is why I am searching for an alternative to the MAC address. |
I'm sorry, what is the problem with assigning clients one MAC address and only allowing these MAC addresses to contact DHCP? Or setting up DHCP so that it will only assign the corresponding IP to a MAC address that is in the list, and drop all others? If the guy has no real reason, he won't be so stupid as to try all possible MAC addresses to brute-force DHCP into assigning him the IP of another user. Also, all the other users could already be connected, so he will never succeed.
|
I can easily spoof your MAC address, deassociate you and connect as your MAC. Wireless or over LAN.
MAC address safety is a myth. You need to figure out a better method, maybe a RADIUS server. |
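The gateway check described in this thread, as an added example that is not part of any post: it compares the 'IP plus MAC' test with one that also uses the physical switch port suggested earlier. The binding table, port names and observations are constructed sample data, and the sketch assumes the gateway can learn the ingress port from a managed switch.

```python
# Constructed binding table: MAC -> (assigned IP, switch port). Sample data only.
BINDINGS = {
    "02:00:00:00:00:0a": ("192.168.1.10", "Gi0/1"),
    "02:00:00:00:00:0b": ("192.168.1.11", "Gi0/2"),
}

def normalize_mac(mac):
    """Lower-case and accept '-' or ':' separators so lookups are consistent."""
    return mac.strip().lower().replace("-", ":")

def check_ip_mac(mac, ip):
    """The gateway check from the thread: is this IP+MAC pair in the table?"""
    entry = BINDINGS.get(normalize_mac(mac))
    if entry is None:
        return "deny: unknown MAC"
    if entry[0] != ip:
        return "deny: IP not assigned to this MAC"
    return "allow"

def check_ip_mac_port(mac, ip, port):
    """Same check plus the switch port the frame arrived on (assumed available)."""
    verdict = check_ip_mac(mac, ip)
    if verdict != "allow":
        return verdict
    if BINDINGS[normalize_mac(mac)][1] != port:
        return "deny: MAC seen on unexpected port"
    return "allow"

# Constructed observations: (source MAC, source IP, ingress switch port).
OBSERVED = [
    ("02:00:00:00:00:0A", "192.168.1.10", "Gi0/1"),  # legitimate host
    ("02:00:00:00:00:0b", "192.168.1.10", "Gi0/2"),  # static IP of another user
    ("02:00:00:00:00:0a", "192.168.1.10", "Gi0/7"),  # copied MAC+IP, other port
    ("02:00:00:00:00:ff", "192.168.1.50", "Gi0/9"),  # not in the table
]

def audit(observations):
    """Return (mac, IP+MAC verdict, IP+MAC+port verdict) per observation."""
    return [(normalize_mac(m), check_ip_mac(m, i), check_ip_mac_port(m, i, p))
            for m, i, p in observations]

if __name__ == "__main__":
    for row in audit(OBSERVED):
        print(*row, sep=" | ")
```

The third observation passes the IP+MAC check and is only rejected once the port is considered; a copied MAC on the same port would pass both, which is where per-user authentication such as RADIUS comes in.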
Thanks!
The RADIUS server can solve this problem; now I'm configuring the 'FreeRADIUS' software. |
You're welcome.
|