• Joseph Hicks (1/15/2008)


    Michael Valentine Jones (1/15/2008)


    Joseph Hicks (1/15/2008)


    Andy Warren (1/15/2008)


    ... The other point is that hostname can be spoofed on purpose or accidentally ...

    We had a group of developers (from before my employment) use this to identify the class of a process. Unfortunately for me, this was then used in other processes to automate other processes, so now I'm stuck in a sea of "I can't tell which computers the connections are coming from", so I've turned to using MAC addresses (I know SQL will return them, but I'm not currently looking at my code - I'll update this post later). I'd think this would be a much more reliable method of determining which computers are connecting, but I know almost nothing of MAC addresses and haven't figured out how to tie them to an IP address without explicitly checking the MACs of each of our computers.

    You should be aware that the MAC address can be changed dynamically, so a restriction based on MAC address is not foolproof.

    The old DECnet protocol depended on the ability of a system to assign the MAC address to a specific address.

    At this point, I'm not as much interested in creating automated restriction rules (assuming that's what you're referring to), but more of identifying what PC a given SQL authenticated process is running from. We have an application user that is intended to only be used by applications (we can't use full Windows authentication at this time), but I've seen that user pop up on other machines with spoofed machine names, so I've used MAC addresses (with limited success thus far) to track where the connections are coming from and find out who is doing it.

    My point was not about restrictions, but that the MAC address of a client can be set to anything, so it is possible to spoof the address.

    I realize that most people wouldn't change the MAC address and would not know how, but someone who is trying to break into a system might know how, and would have incentive to do so.
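An added example, not code posted by anyone in this thread: a T-SQL sketch for SQL Server 2005 or later that lists the sessions of a shared application login with the client-supplied host name and adapter identifier next to the IP address the server itself observed, then flags host names seen from more than one address. The login name `app_user` is a hypothetical placeholder.

```sql
-- Hypothetical placeholder: substitute the shared application login.
DECLARE @app_login sysname;
SET @app_login = N'app_user';

-- 1) Current sessions for that login. host_name and program_name come from
--    the client's connection string; net_address is the adapter identifier
--    recorded at login and, as noted above, can be changed on the client.
--    client_net_address is the peer address of the connection as the server
--    sees it (it may be a NAT or proxy address rather than the PC itself).
SELECT s.session_id,
       s.login_name,
       s.login_time,
       s.host_name          AS client_reported_host,
       s.program_name       AS client_reported_program,
       p.net_address        AS client_reported_adapter_id,
       c.client_net_address AS server_observed_ip,
       c.client_tcp_port,
       c.net_transport
FROM sys.dm_exec_sessions AS s
JOIN sys.dm_exec_connections AS c
     ON c.session_id = s.session_id
    AND c.parent_connection_id IS NULL      -- skip MARS child connections
LEFT JOIN sys.sysprocesses AS p
     ON p.spid = s.session_id
    AND p.ecid = 0                          -- skip parallel worker rows
WHERE s.login_name = @app_login
ORDER BY c.client_net_address, s.login_time;

-- 2) Host names that the same login presents from more than one observed
--    address at the same time. DHCP changes, multi-homed machines and
--    terminal servers also produce rows here, so treat hits as leads
--    to investigate, not as proof of spoofing.
SELECT s.host_name                          AS client_reported_host,
       COUNT(DISTINCT c.client_net_address) AS distinct_observed_ips,
       MIN(s.login_time)                    AS earliest_login,
       MAX(s.login_time)                    AS latest_login
FROM sys.dm_exec_sessions AS s
JOIN sys.dm_exec_connections AS c
     ON c.session_id = s.session_id
    AND c.parent_connection_id IS NULL
WHERE s.login_name = @app_login
GROUP BY s.host_name
HAVING COUNT(DISTINCT c.client_net_address) > 1
ORDER BY distinct_observed_ips DESC;
```

Both queries read live DMVs, so they only show sessions that are connected when they run; the caller needs the VIEW SERVER STATE permission.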