Unique ID of machine, other than IP-Addr/MAC-Addr to prevent spoofing
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Unique ID of machine, other than IP-Addr/MAC-Addr to prevent spoofing
Hi All,
I have some computers along with a server which binds the IP address to machine's MAC address; Idea was to force each machine to use only the assigned IP address to access LAN and Internet.
As it is also possible to change the MAC address of a machine, so one can do the spoofing.
Is there something else, which is unique to every machine and can be used to bind with IP address?
Nmap can be used to infer the remote machine's OS, it is based on a remote device's responses on specific packets.
I'm not sure about whether this information is 'Unique' for machines.
Can we use nmap to get something like 'BIOS String ID' or 'Hard Drive's unique serial number'?
And is it possible to change these values?
you know, if you apply such a methods, then you are probably expecting some kind of "hackish" users that may give you headache, and you probably won't solve problem the way you are trying to solve it now.
It would be better if you'd actually provided some more information about what are you really trying to do so people here can advice you something closer to actual problem solution.
Setup is like this...
A machine can contact DHCP server to get IP address corresponding to its MAC address.
After geting the IP, it goes to Internet via a gateway; Gateway is suppose to take care of whether this 'IP plus MAC combination' is right or not and then only allow/deny the packets to go outside.
As this binding is based on MAC address, so if a user changes its MAC address then it will be alloted a different IP address (which is been given to another user) OR
It can statically assign a different 'IP plus MAC combination'.
Of course it seems "hackish" ...., but I just want to make it sure that the machines are using only the alloted IP addresses. That is why searching an alternative of MAC-Address.
i'm sorry, what is the problem to assign clients one MAC address and only allow these mac addresses to contact DHCP? or set up DHCP the way it will only assign corresponding IP to MAC address is in list? and drop all others? If guy has no real reason, he won't be so stupid to try all of possible MAC addresses to brute-force DHCP to assign him IP of other user. Also, all the other users could already be connected so he will never succeed.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
...., but I just want to make it sure that the machines are using only the alloted IP addresses. That is why searching an alternative of MAC-Address.
