Block Inbound Traffic

Archived from groups: comp.security.firewalls (More info?)

Does anyone know of a free firewall that will allow inbound
connections based on the remote computer's name, MAC, and/or IP? (not
so much the IP as the name/MAC).

The outbound connections do not have to be monitored and all other
computers that try to access the system that has the firewall and are
not in an authorized list should be blocked.

Thanks.
  1. Archived from groups: comp.security.firewalls (More info?)

    "JP" <gg2.20.joep@spamgourmet.com> wrote in message
    news:1b6225e5.0407091513.3b0f3006@posting.google.com...
    > Does anyone know of a free firewall that will allow inbound
    > connections based on the remote computers name, mac, and/or IP? (not
    > so much the IP as the name/mac).
    >
    > The outbound connections do not have to be monitored and all other
    > computers that try to access the system that has the firewall and is
    > not in an authorized list should be blocked.

    Computer name? Pointless. Easily changed

    Mac? Pointless. Not transmitted outside of the LAN

    IP? The only way. Any firewall that can't block by IP is not worth the free
    price.
  2. Archived from groups: comp.security.firewalls (More info?)

    What does it need to run on? If Linux, why not use iptables?
    Is it for a gateway device or just your workstation?

    "JP" <gg2.20.joep@spamgourmet.com> wrote in message
    news:1b6225e5.0407091513.3b0f3006@posting.google.com...
    Does anyone know of a free firewall that will allow inbound
    connections based on the remote computers name, mac, and/or IP? (not
    so much the IP as the name/mac).

    The outbound connections do not have to be monitored and all other
    computers that try to access the system that has the firewall and is
    not in an authorized list should be blocked.

    Thanks.
  3. Archived from groups: comp.security.firewalls (More info?)

    "Banana" <banana@unrouteable.nowhere> wrote in message news:<ccofat$270r$1@otis.netspace.net.au>...
    > what does it need to run on, if Linux, why not use IPTables.
    > Is it for a gateway device or just your workstation?
    >
    > "JP" <gg2.20.joep@spamgourmet.com> wrote in message
    > news:1b6225e5.0407091513.3b0f3006@posting.google.com...
    > Does anyone know of a free firewall that will allow inbound
    > connections based on the remote computers name, mac, and/or IP? (not
    > so much the IP as the name/mac).
    >
    > The outbound connections do not have to be monitored and all other
    > computers that try to access the system that has the firewall and is
    > not in an authorized list should be blocked.
    >
    > Thanks.

    It needs to run off of Windows. One that doesn't take a lot of system
    resources is best. It will be used for more of a gateway type.
  4. Archived from groups: comp.security.firewalls (More info?)

    "Mike" <mike@notherematey.com> wrote in message news:<ccp5oe$kbs$1@thorium.cix.co.uk>...
    > "JP" <gg2.20.joep@spamgourmet.com> wrote in message
    > news:1b6225e5.0407091513.3b0f3006@posting.google.com...
    > > Does anyone know of a free firewall that will allow inbound
    > > connections based on the remote computers name, mac, and/or IP? (not
    > > so much the IP as the name/mac).
    > >
    > > The outbound connections do not have to be monitored and all other
    > > computers that try to access the system that has the firewall and is
    > > not in an authorized list should be blocked.
    >
    > Computer name? Pointless. Easily changed
    >
    > Mac? Pointless. Not transmitted outside of the LAN
    >
    > IP? The only way. Any firewall that can't block by IP is not worth the free
    > price.


    MAC - Not pointless, firewall will be inside LAN.
    Computer name - Not pointless, cannot be easily changed. Only
    domain/local admins can change.
  5. Archived from groups: comp.security.firewalls (More info?)

    Did you check out Outpost?

    Agnitum Outpost Firewall (Free)
    (Freeware) (last Freeware version) (Unsupported)
    OS: Windows 9x/ME/NT/2000/XP
    Languages: English (documentation in German, Hungarian, Russian and Italian)
    Description: Agnitum Outpost is a personal firewall. Its standard personal
    firewall features include "system and application level filtering",
    "detailed information on all connections and open ports"; "predefined system
    and application settings for all common tasks (browsing the web, allowing
    ICQ, allowing DNS or DHCP, etc.)"; a built-in log viewer; stealth mode; ICMP
    filtering; NetBIOS rule creation; wizard mode for automatic rule creation;
    MD5 authentication, etc. In addition, it supports plug-ins for tasks such as
    Intrusion Detection, Advertisement Blocking, Content Filtering, E-mail Guard
    and Privacy Control. The interface is highly customizable. For the plug-ins,
    it supports online automated update against new attacks. Finally, it needs
    no configuration before using and it starts protecting your system as soon
    as it's installed.
    Author: -- Company: Agnitum Ltd.
    Home Page:
    http://www.agnitum.com/
    download page v1.0.1817 (OutpostInstall.exe) (2556 KB)
    http://www.agnitum.com/download/outpost1.html


    "JP" <gg2.20.joep@spamgourmet.com> wrote in message
    news:1b6225e5.0407091513.3b0f3006@posting.google.com...
    > Does anyone know of a free firewall that will allow inbound
    > connections based on the remote computers name, mac, and/or IP? (not
    > so much the IP as the name/mac).
    >
    > The outbound connections do not have to be monitored and all other
    > computers that try to access the system that has the firewall and is
    > not in an authorized list should be blocked.
    >
    > Thanks.
  6. Archived from groups: comp.security.firewalls (More info?)

    JP wrote:

    > I don't have to say, "I've tried product X", because I'M ASKING FOR
    > SUGGESTIONS! Ass.

    Well so far I see nothing but your ranting and raving and few
    suggestions. I wonder why?

    Have fun and watch that blood pressure.


    --

    ------------------------------------

    Real email to mike. The header email is a spam trap and you will be
    blacklisted.
  7. Archived from groups: comp.security.firewalls (More info?)

    Mike <info@michaelmoyse.co.uk> wrote in message news:<cd5e87$15p$1@thorium.cix.co.uk>...
    > JP wrote:
    >
    > > I don't have to say, "I've tried product X", because I'M ASKING FOR
    > > SUGGESTIONS! Ass.
    >
    > Well so far I see nothing but your ranting and raving and few
    > suggestions. I wonder why?
    >
    > Have fun and watch that blood pressure.

    I'm only ranting, and you put it, because you're trying to be an ass.
    Few suggestions, probably cause you're clogging this thread. And don't
    try to be the innocent party in this. You started ot, and now you see
    you're wrong.
  8. Archived from groups: comp.security.firewalls (More info?)

    JP wrote:

    > Mike <info@michaelmoyse.co.uk> wrote in message news:<cd5e87$15p$1@thorium.cix.co.uk>...
    >
    >>JP wrote:
    >>
    >>
    >>>I don't have to say, "I've tried product X", because I'M ASKING FOR
    >>>SUGGESTIONS! Ass.
    >>
    >>Well so far I see nothing but your ranting and raving and few
    >>suggestions. I wonder why?
    >>
    >>Have fun and watch that blood pressure.
    >
    >
    > I'm only ranting, and you put it, because you're trying to be an ass.
    > Few suggestions, probably cause you're clogging this thread. And don't
    > try to be the innocent party in this. You started ot, and now you see
    > you're wrong.

    Not trying to be an ass. Trying to help but you won't give any
    information despite my asking several times. Instead you prefer to rant,
    rave, swear at me and insult me. If anyone is clogging this thread it is
    yourself with your verbal diarrhea

    Actually my original post in reply to your question was not OT :-

    Computer name? Pointless. Easily changed

    Mac? Pointless. Not transmitted outside of the LAN

    IP? The only way. Any firewall that can't block by IP is not worth the free
    price.


    --

    ------------------------------------

    Real email to mike. The header email is a spam trap and you will be
    blacklisted.
  9. Archived from groups: comp.security.firewalls (More info?)

    Don Kelloway wrote:
    >
    > "Don Kelloway" <dkelloway@commodon.com> wrote in message
    > news:WFEJc.9201$sV2.2038@newsread2.news.atl.earthlink.net...

    > > You cannot block an incoming connection by computer name because it
    > > can be easily spoofed. Besides the computer name is not something that's
    > > passed within an incoming packet.

    Computer names are obtained by doing a reverse lookup on an IP address.

    > I should have additionally stated that computer names are something that
    > are only available to other computers within the same LAN.

    If this name resolution occurs using DNS, it is often available throughout
    the Internet. However, it is also correct (ObFirewall) that many name
    services are confined to a LAN; typical examples are WINS and Windows Active
    Directory. Host files are even more restricted, valid only for the machine
    they are located on.

    Thor

    --
    http://www.anta.net/
  10. Archived from groups: comp.security.firewalls (More info?)

    Don Kelloway wrote:
    >
    > Assuming you are referring to blocking incoming traffic from the
    > Internet:
    >
    > You cannot block an incoming connection by MAC because the MAC of every
    > single incoming packet will be exactly the same as that of the last
    > router the packet was passed through.
    >
    > You cannot block an incoming connection by computer name because it can
    > be easily spoofed. Besides the computer name is not something that's
    > passed within an incoming packet.
    >
    > This leaves blocking incoming connections based upon IP address.

    That's what I said when I first saw the problem as presented by JP, but
    it seems that JP has left some vital information out which has also led
    you to the same conclusion. Watch out because he will start swearing at
    you now because you can't read his mind either.

    Sits back and waits for more ranting from JP.
    Maybe he will get the message that he is not giving enough information
    this time.
    On second thoughts, based on past performance, it's probably our fault :-(


    --

    ------------------------------------

    Real email to mike. The header email is a spam trap and you will be
    blacklisted.
  11. Archived from groups: comp.security.firewalls (More info?)

    On 15 Jul 2004 16:13:41 -0700, gg2.20.joep@spamgourmet.com (JP) wrote:


    >> IP? The only way. Any firewall that can't block by IP is not worth the free
    >> price.
    >
    >
    >I have given plenty of information. Lets collect it.

    You haven't


    >So it is your "verbal diarrhea" that is clogging this thread.

    I suggest taking the mote out of your own eye 1st sunshine.


    greg

    --
    Can you hear me?
    Can you see me?
    Can you feel me?
    I don't understand you
  12. Archived from groups: comp.security.firewalls (More info?)

    On Fri, 16 Jul 2004 05:54:24 +0300, Thor Kottelin <thor@anta.net> wrote:


    >
    >Computer names are obtained by doing a reverse lookup on an IP address.
    >

    Only for those addresses with reverse DNS entries.


    greg

    --
    Can you hear me?
    Can you see me?
    Can you feel me?
    I don't understand you
  13. Archived from groups: comp.security.firewalls (More info?)

    Jp has plenty of info.. obviously he wants to separate a computer from
    the rest of the lan he's on.. via something easy like computername
    handed out via a dns server.. since he mentions that the comp names
    cannot be changed b/c of dns the names would be listed as
    comp1.mylocaldomain.com which is not easy to spoof on a domain
    considering that he probably has the names locked. I think there's
    plenty of info here.. since this is said to be a windows network
    iptables would not work as well because there might be more than one
    net admin and they might have no idea how to configure and update ip
    tables.. so a windows firewall is probably required.. since it's on a
    lan mac / comp names / a combination of the 2 would be best.. though
    it is possible to spoof comp name and mac it will be another level of
    security to get past. if coupled with an ids that is configured
    mainly for windows exploits and DoS attacks. as well as invalid name
    detection it could prove highly useful.. so please stop bitching about
    not having info..
  14. Archived from groups: comp.security.firewalls (More info?)

    "Thor Kottelin" <thor@anta.net> wrote in message
    news:40F74360.C6B868D8@anta.net...
    >
    > Don Kelloway wrote:
    > >
    > > "Don Kelloway" <dkelloway@commodon.com> wrote in message
    > > news:WFEJc.9201$sV2.2038@newsread2.news.atl.earthlink.net...
    >
    > > > You cannot block an incoming connection by computer name because it
    > > > can be easily spoofed. Besides the computer name is not something that's
    > > > passed within an incoming packet.
    >
    > Computer names are obtained by doing a reverse lookup on an IP address.
    >
    > > I should have additionally stated that computer names are something that
    > > are only available to other computers within the same LAN.
    >
    > If this name resolution occurs using DNS, it is often available throughout
    > the Internet. However, it is also correct (ObFirewall) that many name
    > services are confined to a LAN; typical examples are WINS and Windows Active
    > Directory. Host files are even more restricted, valid only for the machine
    > they are located on.
    >

    It's my belief that when the OP refers to a 'computer name', he is
    referring to a 'hostname' which is associated with the NetBIOS protocol.

    If however the OP was in fact referring to using a PTR record as a
    method to allow access. Yes. Performing a query against a DNS for a
    PTR record is a possibility. However PTR records are not required, are
    not unique and can be easily faked. It's also my belief that
    configuring a firewall to allow an incoming connection based upon the
    PTR record would be very secure.

    --
    Best regards, from Don Kelloway of Commodon Communications
    Visit http://www.commodon.com to learn about the "Threats to Your
    Security on the Internet".
  15. Archived from groups: comp.security.firewalls (More info?)

    "Don Kelloway" <dkelloway@commodon.com> wrote in message
    news:r0SJc.12606$kK.4492@newsread3.news.atl.earthlink.net...
    >
    > It's my belief that when the OP refers to a 'computer name', he is
    > referring to a 'hostname' which is associated with the NetBIOS protocol.
    >
    > If however the OP was in fact referring to using a PTR record as a
    > method to allow access. Yes. Performing a query against a DNS for a
    > PTR record is a possibility. However PTR records are not required, are
    > not unique and can be easily faked. It's also my belief that
    > configuring a firewall to allow an incoming connection based upon the
    > PTR record would be very secure.
    >

    ACK! The last sentence should say "It's also my belief that configuring
    a firewall to allow an incoming connection based upon the
    PTR record would be very insecure".

    --
    Best regards, from Don Kelloway of Commodon Communications
    Visit http://www.commodon.com to learn about the "Threats to Your
    Security on the Internet".
  16. Archived from groups: comp.security.firewalls (More info?)

    In article <1b6225e5.0407161104.226dc543@posting.google.com>,
    gg2.20.joep@spamgourmet.com says...
    > And for everyone else: saying that I want a Windows firewall that
    > blocks based on IP/MAC/Comp Name and has an allow list is plenty of
    > information. What else could you possibly need. Do you want the
    > computer model, because that doesn't matter. And the services that are
    > running does not matter, as Mike wanted to know. So I don't see where
    > the trouble is.

    You do know that I can change the MAC address on every network card in
    my office, and my router, and my firewall, and the list goes on.


    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  17. Archived from groups: comp.security.firewalls (More info?)

    On 16 Jul 2004 12:04:26 -0700, gg2.20.joep@spamgourmet.com (JP) wrote:


    >And for everyone else: saying that I want a Windows firewall that
    >blocks based on

    You have been told that blocking on

    > IP

    Is good.

    > /MAC

    A waste of time

    > /Comp Name

    A waste of time.

    > and has an allow list

    Firewalls should explicitly block by default. So anything granted access is
    implicitly part of an allow list.


    greg

    --
    Can you hear me?
    Can you see me?
    Can you feel me?
    I don't understand you
  18. Archived from groups: comp.security.firewalls (More info?)

    "dot_txt" <dot_txt@hotmail.com> wrote in message
    news:228cf51.0407161120.5e104c6b@posting.google.com...
    > Jp has plenty of info.. obviously he wants to separate a computer from
    > the rest of the lan he's on.. via something easy like computername
    > handed out via a dns server.. since he mentions that the comp names
    > cannot be changed b/c of dns the names would be listed as
    > comp1.mylocaldomain.com which is not easy to spoof on a domain
    > considering that he probably has the names locked. I think there's
    > plenty of info here.. since this is said to be a windows network
    > iptables would not work as well because there might be more than one
    > net admin and they might have no idea how to configure and update ip
    > tables.. so a windows firewall is probably required.. since it's on a
    > lan mac / comp names / a combination of the 2 would be best.. though
    > it is possible to spoof comp name and mac it will be another level of
    > security to get past. if coupled with an ids that is configured
    > mainly for windows exploits and DoS attacks. as well as invalid name
    > detection it could prove highly useful.. so please stop bitching about
    > not having info..

    And your suggested solution is?...........
  19. Archived from groups: comp.security.firewalls (More info?)

    "Mike" <mike@notherematey.com> wrote in message news:<cd9ka0$r33$1@thorium.cix.co.uk>...
    > "dot_txt" <dot_txt@hotmail.com> wrote in message
    > news:228cf51.0407161120.5e104c6b@posting.google.com...
    > > Jp has plenty of info.. obviously he wants to separate a computer from
    > > the rest of the lan he's on.. via something easy like computername
    > > handed out via a dns server.. since he mentions that the comp names
    > > cannot be changed b/c of dns the names would be listed as
    > > comp1.mylocaldomain.com which is not easy to spoof on a domain
    > > considering that he probably has the names locked. I think there's
    > > plenty of info here.. since this is said to be a windows network
    > > iptables would not work as well because there might be more than one
    > > net admin and they might have no idea how to configure and update ip
    > > tables.. so a windows firewall is probably required.. since it's on a
    > > lan mac / comp names / a combination of the 2 would be best.. though
    > > it is possible to spoof comp name and mac it will be another level of
    > > security to get past. if coupled with an ids that is configured
    > > mainly for windows exploits and DoS attacks. as well as invalid name
    > > detection it could prove highly useful.. so please stop bitching about
    > > not having info..
    >
    > And your suggested solution is?...........

    So, now you're bitching about suggestions? First, it was that there was
    not enough info. And now that it has been established that I have
    had enough info in the first place, you're going to switch your story
    and ask everyone what their solution is?
  20. Archived from groups: comp.security.firewalls (More info?)

    "JP" <gg2.20.joep@spamgourmet.com> wrote in message
    news:1b6225e5.0407161104.226dc543@posting.google.com...
    > Greg Hennessy <me@privacy.net> wrote in message news:<a84ff0hq1fnkut0nfcmpc4k3lvh8up6eub@4ax.com>...
    > > On 15 Jul 2004 16:13:41 -0700, gg2.20.joep@spamgourmet.com (JP) wrote:
    > >
    > >
    > > >> IP? The only way. Any firewall that can't block by IP is not worth the free
    > > >> price.
    > > >
    > > >
    > > >I have given plenty of information. Lets collect it.
    > >
    > > You haven't
    > >
    > >
    > > >So it is your "verbal diarrhea" that is clogging this thread.
    > >
    > > I suggest taking the mote out of your own eye 1st sunshine.
    > >
    > >
    > >
    > > greg
    >
    > Well, Mike, again I must explain to you. If you had not been a jackass

    You talking to me or Greg?
  21. Archived from groups: comp.security.firewalls (More info?)

    "JP" <gg2.20.joep@spamgourmet.com> wrote in message
    news:1b6225e5.0407161104.226dc543@posting.google.com...
    >
    > And for everyone else: saying that I want a Windows firewall that
    > blocks based on IP/MAC/Comp Name and has an allow list is plenty of
    > information. What else could you possibly need. Do you want the
    > computer model, because that doesn't matter. And the services that are
    > running does not matter, as Mike wanted to know. So I don't see where
    > the trouble is.

    I believe the answer to your question has been provided not once, but
    several times from several persons including myself.

    There are firewalls that are capable of blocking based upon the MAC, but
    the ability to block based upon the MAC is only valid for systems within
    the same subnet.

    Unfortunately I and I think others have yet to determine from any of
    your posts if you are looking to firewall your PC from other systems
    within the same LAN, from other systems on the Internet, or both.
    Knowing how you intend to implement a firewall can be critical to making
    the proper selection.

    The same applies to blocking based upon computer name, but that too has
    several persons including myself wondering if what you mean by computer
    name is to say you want to block by hostname (NetBIOS) or PTR records
    (DNS). Unfortunately the term 'computer name' can be interpreted in a
    couple of ways.

    Regardless of the above what is the intent or motivation to want to
    block based upon MAC or hostname? Why is this something you're looking
    to do?

    --
    Best regards, from Don Kelloway of Commodon Communications
    Visit http://www.commodon.com to learn about the "Threats to Your
    Security on the Internet".
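
Added example, not part of the thread and not any poster's code: a default-deny inbound decision function that combines three points made above: anything not matched is blocked, a MAC match is only evaluated for sources on the local subnet, and a name match requires the PTR record to be confirmed by a forward lookup rather than trusted on its own. The subnet, addresses, MACs, DNS tables and function names are constructed for illustration; only the name style `comp1.mylocaldomain.com` comes from the thread.

```python
import ipaddress

# Constructed sample data; nothing here comes from a real network.
LOCAL_SUBNET = ipaddress.ip_network("192.168.10.0/24")
ALLOW_IPS = {"192.168.10.20"}
ALLOW_MACS = {"00:11:22:33:44:55"}
ALLOW_NAMES = {"comp1.mylocaldomain.com"}

# Stand-in DNS data so the example runs offline.
PTR_RECORDS = {
    "192.168.10.30": "comp1.mylocaldomain.com",
    # A PTR record is published by whoever runs the reverse zone for the
    # address, so a remote address can carry any name at all.
    "203.0.113.9": "comp1.mylocaldomain.com",
}
A_RECORDS = {"comp1.mylocaldomain.com": {"192.168.10.30"}}


def normalize_mac(mac):
    """Lower-case the MAC and accept both ':' and '-' separators."""
    return mac.strip().lower().replace("-", ":")


def forward_confirmed_name(src_ip):
    """Return the PTR name only if its forward (A) record maps back to src_ip."""
    name = PTR_RECORDS.get(src_ip)
    if name is None:
        return None  # many addresses have no reverse entry at all
    name = name.rstrip(".").lower()
    if src_ip in A_RECORDS.get(name, set()):
        return name
    return None  # PTR claims a name that the forward zone does not back up


def decide(src_ip, frame_mac):
    """Return (verdict, matched_rule) for one inbound connection attempt."""
    ip = ipaddress.ip_address(src_ip)

    if str(ip) in ALLOW_IPS:
        return ("allow", "ip")

    # Off-subnet traffic arrives with the last router's MAC, so a MAC rule
    # says nothing about the real sender and is skipped for those sources.
    if ip in LOCAL_SUBNET and normalize_mac(frame_mac) in ALLOW_MACS:
        return ("allow", "mac")

    if forward_confirmed_name(str(ip)) in ALLOW_NAMES:
        return ("allow", "name")

    # Default deny: whatever was not explicitly allowed is blocked.
    return ("deny", "default")


if __name__ == "__main__":
    samples = [
        ("192.168.10.20", "aa:bb:cc:dd:ee:ff"),  # allow-listed IP
        ("192.168.10.40", "00-11-22-33-44-55"),  # allow-listed MAC on the LAN
        ("192.168.10.30", "de:ad:be:ef:00:01"),  # name confirmed both ways
        ("203.0.113.9", "00:11:22:33:44:55"),    # remote: router MAC, PTR only
    ]
    for src_ip, mac in samples:
        print(src_ip, mac, decide(src_ip, mac))
```

As several posters note, MAC and IP values on the LAN can still be changed by the sender, so these rules filter traffic; they do not authenticate the machine.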
  22. Archived from groups: comp.security.firewalls (More info?)

    "dot_txt" <dot_txt@hotmail.com> wrote in message
    news:228cf51.0407161120.5e104c6b@posting.google.com...
    > Jp has plenty of info.. obviously he wants to separate a computer from
    > the rest of the lan he's on.. via something easy like computername
    > handed out via a dns server.. since he mentions that the comp names
    > cannot be changed b/c of dns the names would be listed as
    > comp1.mylocaldomain.com which is not easy to spoof on a domain
    > considering that he probably has the names locked. I think there's
    > plenty of info here.. since this is said to be a windows network
    > iptables would not work as well because there might be more than one
    > net admin and they might have no idea how to configure and update ip
    > tables.. so a windows firewall is probably required.. since it's on a
    > lan mac / comp names / a combination of the 2 would be best.. though
    > it is possible to spoof comp name and mac it will be another level of
    > security to get past. if coupled with an ids that is configured
    > mainly for windows exploits and DoS attacks. as well as invalid name
    > detection it could prove highly useful.. so please stop bitching about
    > not having info..

    If he's looking to implement a firewall between his PC and the rest of
    the LAN, piece of cake. I can offer an SMLI bridge-based firewall that
    runs on Windows NT/2000 and can be configured to allow/deny based upon
    MAC, as well as IP. Unfortunately I think I read in one of his posts
    that he's looking for something that's free? If so, sorry what I have
    to offer is not free.

    --
    Best regards, from Don Kelloway of Commodon Communications
    Visit http://www.commodon.com to learn about the "Threats to Your
    Security on the Internet".
  23. Archived from groups: comp.security.firewalls (More info?)

    JP wrote:

    > "Mike" <mike@notherematey.com> wrote in message news:<cd9ka0$r33$1@thorium.cix.co.uk>...
    >
    >>"dot_txt" <dot_txt@hotmail.com> wrote in message
    >>news:228cf51.0407161120.5e104c6b@posting.google.com...
    >>
    >>>Jp has plenty of info.. obviously he wants to separate a computer from
    >>>the rest of the lan he's on.. via something easy like computername
    >>>handed out via a dns server.. since he mentions that the comp names
    >>>cannot be changed b/c of dns the names would be listed as
    >>>comp1.mylocaldomain.com which is not easy to spoof on a domain
    >>>considering that he probably has the names locked. I think there's
    >>>plenty of info here.. since this is said to be a windows network
    >>>iptables would not work as well because there might be more than one
    >>>net admin and they might have no idea how to configure and update ip
    >>>tables.. so a windows firewall is probably required.. since it's on a
    >>>lan mac / comp names / a combination of the 2 would be best.. though
    >>>it is possible to spoof comp name and mac it will be another level of
    >>>security to get past. if coupled with an ids that is configured
    >>>mainly for windows exploits and DoS attacks. as well as invalid name
    >>>detection it could prove highly useful.. so please stop bitching about
    >>>not having info..
    >>
    >>And your suggested solution is?...........
    >
    >
    > So, now you're bitching about suggestions? First, it was that there was
    > not enough info. And now that it has been established that I have
    > had enough info in the first place, you're going to switch your story
    > and ask everyone what their solution is?

    Oh do stop crying please.
  24. Archived from groups: comp.security.firewalls (More info?)

    Mike <info@michaelmoyse.co.uk> wrote in message news:<cdat5h$ctm$1@thorium.cix.co.uk>...
    > JP wrote:
    >
    > > "Mike" <mike@notherematey.com> wrote in message news:<cd9ka0$r33$1@thorium.cix.co.uk>...
    > >
    > >>"dot_txt" <dot_txt@hotmail.com> wrote in message
    > >>news:228cf51.0407161120.5e104c6b@posting.google.com...
    > >>
    > >>>Jp has plenty of info.. obviously he wants to separate a computer from
    > >>>the rest of the lan he's on.. via something easy like computername
    > >>>handed out via a dns server.. since he mentions that the comp names
    > >>>cannot be changed b/c of dns the names would be listed as
    > >>>comp1.mylocaldomain.com which is not easy to spoof on a domain
    > >>>considering that he probably has the names locked. I think there's
    > >>>plenty of info here.. since this is said to be a windows network
    > >>>iptables would not work as well because there might be more than one
    > >>>net admin and they might have no idea how to configure and update ip
    > >>>tables.. so a windows firewall is probably required.. since it's on a
    > >>>lan mac / comp names / a combination of the 2 would be best.. though
    > >>>it is possible to spoof comp name and mac it will be another level of
    > >>>security to get past. if coupled with an ids that is configured
    > >>>mainly for windows exploits and DoS attacks. as well as invalid name
    > >>>detection it could prove highly useful.. so please stop bitching about
    > >>>not having info..
    > >>
    > >>And your suggested solution is?...........
    > >
    > >
    > > So, now you're bitching about suggestions? First, it was that there was
    > > not enough info. And now that it has been established that I have
    > > had enough info in the first place, you're going to switch your story
    > > and ask everyone what their solution is?
    >
    > Oh do stop crying please.

    What's the matter, found out you're wrong finally?
  25. Archived from groups: comp.security.firewalls (More info?)

    > I only asked him for some more information and he went off the deep end.
    >
    > My /dev/null is right between /dev/mouse@ and /dev/port
    >
    > Must create a /dev/plonkers device sometime


    I must admit /dev/plonkers is a good one.. but please forward all
    messages to dev/null from here on unless you have any other useful
    suggestions
  26. Archived from groups: comp.security.firewalls (More info?)

    dot_txt wrote:

    >Jp has plenty of info..

    There's plenty of info in your headers. Look into them before you try
    to pretend to be someone else. It's called "sock puppets" or
    "socking". You're not very good at it. Much in the same way you try
    to elicit help.
  27. Archived from groups: comp.security.firewalls (More info?)

    JP wrote:

    > What's the matter, found out you're wrong finally?
    No, just bored with your constant whining. Why don't you just put all
    that effort into providing a bit of detail about your problem?
  28. Archived from groups: comp.security.firewalls (More info?)

    JP wrote:

    > Does anyone know of a free firewall that will allow inbound
    > connections based on the remote computers name, mac, and/or IP? (not
    > so much the IP as the name/mac).
    >
    > The outbound connections do not have to be monitored and all other
    > computers that try to access the system that has the firewall and is
    > not in an authorized list should be blocked.
    >
    > Thanks.

    I think I understand now. Your request is related to your other post in
    comp.os.ms-windows http://makeashorterlink.com/?R2F0629D8 is it not?

    In there you want to make your DHCP server secure so that it only gives
    out IP addresses to machines that you determine can have an IP. Your
    approach of using a firewall is both innovative and novel!

    You have spotted a security deficiency that many manufacturers have now
    targeted. At a recent Network Associates briefing I was chatting to one
    of the guys about this very issue. They are working with some switch
    vendors to build this sort of functionality right into the hardware.
    There are also some white papers floating around on the subject but I
    can't find anything useful.

    In the meantime I know it's a pain in the arse but fixing everything by
    MAC address seems to be the only option. :-(


    --

    ------------------------------------

    Real email to mike. The header email is a spam trap and you will be
    blacklisted,
    submitted to anti-spam sites and probably burn in hell.
  29. Archived from groups: comp.security.firewalls (More info?)

    On Tue, 20 Jul 2004 at 15:53 GMT, Mike <honey@michaelmoyse.co.uk> spewed
    into the usenet group comp.security.firewalls:
    > JP wrote:
    >
    >> Does anyone know of a free firewall that will allow inbound
    >> connections based on the remote computers name, mac, and/or IP? (not
    >> so much the IP as the name/mac).
    >>
    >> The outbound connections do not have to be monitored and all other
    >> computers that try to access the system that has the firewall and is
    >> not in an authorized list should be blocked.
    >>
    >> Thanks.
    >
    > I think I understand now. Your request is related to your other post in
    > comp.os.ms-windows http://makeashorterlink.com/?R2F0629D8 is it not?
    >
    > In there you want to make your DHCP server secure so that it only gives
    > out IP addresses to machines that you determine can have an IP. Your
    > approach of using a firewall is both innovative and novel!

    Not when you realise that the MAC can be changed. It is much easier to do
    this type of locking on the switch itself.
    Any modern switch with SNMP capabilities, VLAN and 802.1q support can
    probably be used for such scenarios.

    Assign a static ARP table to the switch, control this via SNMP v3.
    The user authenticates via 802.1q, and then the switch is ACLed and VLANed
    via SNMP based on login information so that the end user gets access to a
    limited set of resources.

    Devdas Bhagat