On 2014-11-28, Christian Weisgerber <na...@mips.inka.de> wrote: > On 2014-11-28, Martin Hanson <greencopperm...@yandex.com> wrote: > >> How does one secure against MAC/IP spoofing? Is there a way to prevent this. > > 1. You separate the traffic so that potential attackers cannot access > this network segment. > a. Physically: Run a wire. > b. Logically: Use a separate VLAN. > > 2. Authenticate with IPsec. > > I'll venture a guess and say that (1b) is the most common choice > in practice, although it requires you to trust your switch > infrastructure.
There may be other options depending on the switches used, there are various types of port security available - hard-coded MAC/port assignments, DHCP snooping, 802.1x, etc.
