[geeks] Macintosh computers and MAC address blocking
Lionel Peterson
lionel4287 at verizon.net
Fri Feb 23 06:41:41 CST 2007
>From: der Mouse <mouse at Rodents.Montreal.QC.CA>
>Date: 2007/02/23 Fri AM 12:15:57 CST
>To: The Geeks List <geeks at sunhelp.org>
>Subject: Re: [geeks] Macintosh computers and MAC address blocking
>> To allow for a wildcard would break the very concept of MAC address
>> filtering -
>
>...huh?
>
>I can't see how wildcarding breaks "the very concept".
The concept of MAC filtering (as I understand it) is typically to allow a very specific MAC address access to a resource, by definition everything else is "wildcarded" to be denied. MAC address filtering can also be used to deny specific addresses, but I see that as a seldom used feature (I *suspect* most people would be in the situation of wanting to ensure THEIR KNOWN computers can access a resource, and not in the position of wanting to grant EVERYONE access EXCEPT for this small handful of MAC addresses).
OK, "the very concept" was a bit broad/grandious, but MAC address filtering is about specificity among a list of uniqe IDs - it would be like telling the guards at the front gate of an office campus that anyone in a GM car can come on property, or anyone in a Ford can not...
>Blocking (say) 00:c0:95:eb:*:* is really just a shorthand for blocking
>all 65536 addresses from 00:c0:95:eb:00:00 through 00:c0:95:eb:ff:ff -
>conceptually not at all difficult.
I didn't say I didn't understand it ;^) - I was trying to get at the idea that it goes against my understanding of MAC address filtering (allow certain specific resources access to the network)
>> Sun MAC address start 00:08 and go on from there (IIRC), so something
>> like 00:08:*:*:... could do it...
>
>You're probably thinking of the 08:00:20 prefix.
Yep - my memory sucks, I could have checked, but I shot from the hip and missed the target...
More information about the geeks
mailing list