On Mon, Nov 29, 2010 at 4:51 AM, James Bensley <jwbens...@gmail.com> wrote:
> I think it would be an useful feature to have; if you have a pfsense box at > the end of a leased line, private virtual circuit or vpn, it would be good > to check the device at the other has x MAC address to try and rule out any > security features like a MITM attack or something like that... > It really isn't that useful, since spoofing a MAC address is fairly trivial. So, the theoretical MITM attack prevention would just be false security, and might be why pfsense doesn't support it. Now, it might be nice to have something in place to make thing harder, but this wouldn't be adding anything hard to work around. Thanks, Gerald
