[Freedombox-discuss] Thoughts on MAC Addresses
Lee Fisher
blibbet at gmail.com
Mon Dec 3 19:05:54 UTC 2012
>> Just something kicking around my head when I should be sleeping :)
I presume a Freedombox owner should have the freedom to change the MAC
address of their box. Perhaps even if it conflicts with realistic
hardware/IANA mappings. But not if it conflicts with an existing device
on the network.
Isn't there a MAC hash technique by Cisco or someone, which creates a
hash out of host/user/etc info that fits into a MAC? That might be nice,
for some auth scenarios.
But I'm unclear what kind of box Freedombox is.
Wired-only? wifi-only?
IPv4-only, IPv6-only, or dual-stack (how?)?
DNSsec or normal. or no DNS (replacing with what?)?
What router protocol(s) are needed?
Will it be able to speak with existing routers? Cisco/Juniper style or
wifi/MANET style? Or will Freedombox be it's own router overlay, only
talking to other Freedomboxes? The edge IPS, if not built-into
Freedombox (Snort|Suricata?) might need to deal with MAC changes.
Changing MAC addresses is helpful for some privacy scenerios. But too
much change might mess up some network defenses, used by
routers/firewalls to protect against ARP/ICMP/DHCP/DNS attacks,
especially if using wireless protocols.
More information about the Freedombox-discuss
mailing list