How to hide MAC Address

On freeBSD server(gateway, DDNS, DHCP), I use "arp -s IP MAC_Address pub" to protect some important computers from steeling IP. But someone else in Network can do this: ping IP, then arp -a, he can know MAC_address of an inportant computer, then he changes his own MAC_address, and then steels IP.
How to hide MAC_Address?
I'm sorry for my not good English!
 
The OP needs to learn more about ethernet and then he'll realize his question is pretty much a no brainer.

MAC addresses are needed to communicate on layer 2.
 
It is impossible to hide your MAC address. It is required for other computers to send network traffic to your machine.

Or to analogise, how do you expect to receive mail if you don't give anyone your house address?
 
What's the danger if someone actually takes one of those IP addresses?

Servers should have fixed IP addresses anyway.
 
Detective, what you need is a switch that can prevent ports from learning new MAC addresses. That will help prevent someone from getting anywhere with a modified MAC address.
 
SirDice said:
What's the danger if someone actually takes one of those IP addresses?

Possible MITM attack, with aggressive ARP spoofing. (My guess is that is what OP is seeing.)
 
Detective said:
On freeBSD server(gateway, DDNS, DHCP), I use "arp -s IP MAC_Address pub" to protect some important computers from steeling IP. But someone else in Network can do this: ping IP, then arp -a, he can know MAC_address of an inportant computer, then he changes his own MAC_address, and then steels IP.
How to hide MAC_Address?

Don't know much about this hacking stuff, but how is it possible to hijack a server from outside by using it's ip or MAC adress? As far as I can see it only makes sense when someone tries this from a machine in the same subnet so he needs fysical access to the network.
 
anomie said:
Possible MITM attack, with aggressive ARP spoofing. (My guess is that is what OP is seeing.)

Yes, I know what the possible dangers are. I'm just wondering what the OP wants to prevent.
 
Detective said:
I know MAC Address is needed. But I don't want it is found out by such common commands

Then you are out of luck. Your security shouldn't rely on it anyway.
 
@Detective: If you still need help, please try to be crystal clear about the problem you are trying to solve. "Hiding" a MAC address is not a solution.
 
It sounds like the correct solution to your problem is to deal with the person who keeps hijacking your MAC address. Stop them physically connecting to your network.
 
jem said:
It sounds like the correct solution to your problem is to deal with the person who keeps hijacking your MAC address. Stop them physically connecting to your network.

Having a LART on standby usually helps :e
 
jem said:
It sounds like the correct solution to your problem is to deal with the person who keeps hijacking your MAC address. Stop them physically connecting to your network.


try to set 1 IP per mac
 
Back
Top