Preventing Internal MAC Spoofing

I'm fairly new to Sophos UTM. I set up firewall rules and bandwidth limits for our kids to manage and schedule their Internet usage. This was working perfectly well until recently. I can't prove this, but I am pretty sure someone is spoofing a MAC address to get around the rules.

If I add a second NIC and hence a second LAN and connect the suspect to that network (they will be the only person on that LAN/subnet), will this prevent them using a spoofed MAC address to get around the firewall/bandwidth rules? Or can they still use a spoofed MAC address to connect to the original LAN?

I hope this makes sense.

Thanks!



  • Have not tried this, but most any network object can be tied to an interface, although it is generally not necessary.  If you add that relationship, your plan should work.

    An alternative would be to configure security based on user logins instead of based on MAC.  If the privileged accounts use a password, spoofing would be insufficient.

    Take a look at how you secure your nontraditional devices like a smart TV.  UTM generally will not know which user is on the device.

    Another option is to make everybody equally restrictive, so the incentive for mischief is reduced.

    Will pray you have wisdom; parenting is tough.