Go Back   FlashFXP Forums > > > >

Suggestions Got a new idea or addition which would benefit IOFTPD? Post it here!

Closed Thread
 
Thread Tools Rate Thread Display Modes
Old 01-08-2004, 10:12 AM   #1
Mr_X
Senior Member
FlashFXP Registered User
ioFTPD Foundation User
 
Join Date: Sep 2003
Posts: 142
Default setting MAC adress instead of IP for a user

It will be cool if we can add a MAC adress to a user instead of an IP. It will be usefull for 3 things:

* because when the client has a dynamic IP, i don't want to add lots of IP and I don't want to add *@* (security reason). I have an ADSL and a cable connection. With the ADSL the first two numbers are not every connection the same (even the first number).
* for security, because IP Spoofing can't be used
* it takes a little less time to check MAC (MAC is on layer 2 of ISO model and IP is on layer 3) and banning a MAC is more efficient to ban someone when he has a dynamical IP connection.
Mr_X is offline  
Old 01-08-2004, 10:36 AM   #2
ADDiCT
Senior Member
FlashFXP Beta Tester
ioFTPD Scripter
 
Join Date: Aug 2003
Posts: 517
Default

FYI: it is very easy to give your network adaptor another MAC address, most (decent) cards have a setting for that in their driver properties

(just saying that a banned MAC address can give u a false feeling of security)

about the 'checking takes less time': it takes just as much time or even more time:
- at 'firewall' level: the packet requesting a TCP connection - contains both remote MAC and IP
- at ioFTPD level: io establishes the connection first to check the ip, i don't think there is a way to check the remote IP before a connection is established. the remote IP is then just 1 api call away, while the remote MAC address, well... i don't have any idea how to get it through winsock
ADDiCT is offline  
Old 01-08-2004, 10:39 AM   #3
MaistroX
Senior Member
FlashFXP Registered User
ioFTPD Registered User
 
Join Date: Jul 2002
Posts: 221
Thumbs up

This is a REALLY great suggestion, u have my vote for this .
MaistroX is offline  
Old 01-08-2004, 11:09 AM   #4
Mouton
Posse Member
Ultimate Scripter
ioFTPD Administrator
 
Join Date: Dec 2002
Posts: 1,956
Default Re: setting MAC adress instead of IP for a user

Quote:
Originally posted by Mr_X
* for security, because IP Spoofing can't be used
A MAC address can be spoofed MUCH more easily than an IP, like ADDiCT mentionned. Any user can change his MAC address as he see fit.

Quote:
Originally posted by Mr_X
* it takes a little less time to check MAC (MAC is on layer 2 of ISO model and IP is on layer 3) and banning a MAC is more efficient to ban someone when he has a dynamical IP connection.
ioFTPD doesn't have any idea what the MAC address of the client is. io deals with TCP/IP, not raw ethernet packets. Having it dwelve lower in protocols would require more resource, not less.
Mouton is offline  
Old 01-08-2004, 11:16 AM   #5
darkone
Disabled
FlashFXP Registered User
ioFTPD Administrator
 
darkone's Avatar
 
Join Date: Dec 2001
Posts: 2,230
Default

Afak mac address of client usually doesn't reach the server - it's only received, when there is no router between.
darkone is offline  
Old 01-08-2004, 11:21 AM   #6
Mr_X
Senior Member
FlashFXP Registered User
ioFTPD Foundation User
 
Join Date: Sep 2003
Posts: 142
Default

Quote:
A MAC address can be spoofed MUCH more easily than an IP, like ADDiCT mentionned. Any user can change his MAC address as he see fit.
My cable modem get my NIC's MAC adress and if i change of MAC internet doesn't work anymore (I have to call my provider to ask resetting modem). And less people know MAC spoofing than IP Spoofing

Quote:
ioFTPD doesn't have any idea what the MAC address of the client is. io deals with TCP/IP, not raw ethernet packets. Having it dwelve lower in protocols would require more resource, not less.
it will require more resource only on connecting. That's not a problem. I don't think there are not lots of people connecting to a ftp at the same time. If yes, it's not a problem because computers have enough ressource to do it.
Mr_X is offline  
Old 01-08-2004, 11:23 AM   #7
ADDiCT
Senior Member
FlashFXP Beta Tester
ioFTPD Scripter
 
Join Date: Aug 2003
Posts: 517
Default

Quote:
My cable modem get my NIC's MAC adress and if i change of MAC internet doesn't work anymore (I have to call my provider to ask resetting modem). And less people know MAC spoofing than IP Spoofing
i'm guessing u are on Telenet like me?
if u release your ip before u change your MAC address, it works in an instant. If not, wait a couple of minutes (same time as when u would connect your modem to another computer).
ADDiCT is offline  
Old 01-08-2004, 11:24 AM   #8
Mouton
Posse Member
Ultimate Scripter
ioFTPD Administrator
 
Join Date: Dec 2002
Posts: 1,956
Default

Well, i think dark's comment is enough for thread to be closed.
Not possible.
Mouton is offline  
Closed Thread

Tags
adsl, connection, layer, mac, security

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Flash hangs during transfers slatts General Discussion 5 01-14-2005 07:50 PM


All times are GMT -5. The time now is 08:23 AM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)