Port forwarding only from certain MAC

Port forwarding only from certain MAC

Postby scottw on Sun Aug 10, 2008 1:08 am

I know this is not directly related to XL but it kind of is :?

I want to be able to use my Windows Mobile phone to control XL with the Thin Client from anywhere (not thru WIFI but thru the internet). I know I can just set up port forwarding on my router to point port 8000 to my XL machine and that will work, but I am looking for more security since the last time I had this setup I had a CPU problem with someone hammering port 8000:
http://www.xlobby.com/forum/viewtopic.php?f=5&t=6145&hilit=+cpu

Is there a way to set it up so port 8000 will only be forwarded from a certain MAC (my cell phone)???

I see "MAC filtering" but I think that just has to do with what computers can access my router from within my network.

Thanks,
scottw
 
Posts: 774
Joined: Mon Feb 06, 2006 4:21 pm
Location: Glen Burnie, Maryland

Re: Port forwarding only from certain MAC

Postby P3rv3rt B3ar on Sun Aug 10, 2008 2:23 am

MAC is link layer stuff (that is, only one hop). In other words it doesn't carry over the network layer. So if u r bothered by an external threat u just need to do filtering based on other parameters... unless u don't believe your neighbour is busting your port over wireless... for that purpose APs should have a list of allowed MACs.
P3rv3rt B3ar
 
Posts: 1364
Joined: Fri Apr 07, 2006 9:52 pm
Location: West Coast Funland

Re: Port forwarding only from certain MAC

Postby scottw on Sun Aug 10, 2008 2:57 pm

Thanks bear,

Yeah, I don't believe the problem was thru someone connecting to the wireless on my router....I just didn't want anyone being able to come in on port 8000.

Can you give me some more info on the "other parameters" like some examples...a little lost on this one :)
Thanks
scottw
 
Posts: 774
Joined: Mon Feb 06, 2006 4:21 pm
Location: Glen Burnie, Maryland

Re: Port forwarding only from certain MAC

Postby P3rv3rt B3ar on Sun Aug 10, 2008 6:07 pm

Maybe u could do filtering based on the source address field of the IP packet, so that only the IP address space of your cell operator is passed on? Granted, if you're worrying about availability (as your first post suggests) a potential attacker could still spoof the source address...

I'm however having a real hard time believing that u r actually targeted by a DoS attack as your first post suggests. U don't happen to have any hacker friends u've pissed off lately, do u? :D I'm much more inclined to believe that there must have been some kinda misconfiguration somewhere on your network causing the traffic u saw on port 8000...

EDIT: after rethinking, 8000 is a rather common port after all, so it might receive its fair share of nontargeted malicious traffic... it's plausible, but I would still consider other reasons...

2nd EDIT: put on a sniffer (for example Wireshark) and have it log the traffic the HTPC receives on 8000, and let's take a look and nail your nosy neighbour :D
P3rv3rt B3ar
 
Posts: 1364
Joined: Fri Apr 07, 2006 9:52 pm
Location: West Coast Funland
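Added example (not from the thread or from XLobby): the two ideas in the post above, filtering port 8000 by the operator's source address space and looking at what a sniffer logs, worked through on a constructed log. The carrier range 192.0.2.0/24 and the log lines are made up; the real range has to come from the operator or a whois lookup of the phone's public address.

```python
import ipaddress
from collections import Counter

# Constructed sample of what a sniffer on the HTPC might log for inbound traffic:
# (timestamp, source IP, source port, destination port). Not real capture data.
SAMPLE_LOG = [
    ("2008-08-10 13:00:01", "192.0.2.45", 50123, 8000),     # the phone
    ("2008-08-10 13:00:02", "192.0.2.45", 50124, 8000),
    ("2008-08-10 13:00:09", "203.0.113.77", 41000, 8000),   # unknown host, repeated hits
    ("2008-08-10 13:00:09", "203.0.113.77", 41001, 8000),
    ("2008-08-10 13:00:10", "203.0.113.77", 41002, 8000),
    ("2008-08-10 13:00:10", "203.0.113.77", 41003, 8000),
    ("2008-08-10 13:00:15", "198.51.100.9", 33000, 8000),   # single stray probe
    ("2008-08-10 13:00:20", "192.0.2.200", 50200, 8001),    # other port, ignored here
]

# Hypothetical address space of the phone's cell operator (documentation range).
ALLOWED_SOURCES = [ipaddress.ip_network("192.0.2.0/24")]


def is_allowed(src_ip):
    """Source-address check: only the IP header is consulted, so a forged
    source address would pass, but untargeted scanning of port 8000 is cut off."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in ALLOWED_SOURCES)


def filter_port(records, port=8000):
    """Split records for `port` into allowed ones and a per-source count of denied ones."""
    allowed, denied = [], Counter()
    for ts, src, sport, dport in records:
        if dport != port:
            continue
        if is_allowed(src):
            allowed.append((ts, src, sport))
        else:
            denied[src] += 1
    return allowed, denied


def noisy_sources(denied, threshold=3):
    """Denied sources that hit the port at least `threshold` times: the ones worth a closer look."""
    return sorted(src for src, n in denied.items() if n >= threshold)


if __name__ == "__main__":
    allowed, denied = filter_port(SAMPLE_LOG)
    print("allowed:", allowed)
    print("denied per source:", dict(denied))
    print("noisy:", noisy_sources(denied))
```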

Re: Port forwarding only from certain MAC

Postby P3rv3rt B3ar on Sun Aug 10, 2008 6:57 pm

Now that I'm thinking, did u just open 8000? Or 8001 also? XL always establishes some server on 8001, perhaps that is needed for XNet too, and not having 8001 open causes some erratic behavior within lobby code to max out processor cycles? Just guessing here...
P3rv3rt B3ar
 
Posts: 1364
Joined: Fri Apr 07, 2006 9:52 pm
Location: West Coast Funland

Re: Port forwarding only from certain MAC

Postby scottw on Mon Aug 11, 2008 12:29 pm

P3rv3rt B3ar wrote:Maybe u could do filtering based on the source address field of the IP packet, so that only the IP address space of your cell operator is passed on? Granted, if you're worrying about availability (as your first post suggests) a potential attacker could still spoof the source address...

I'm however having a real hard time believing that u r actually targeted by a DoS attack as your first post suggests. U don't happen to have any hacker friends u've pissed off lately, do u? :D I'm much more inclined to believe that there must have been some kinda misconfiguration somewhere on your network causing the traffic u saw on port 8000...

EDIT: after rethinking, 8000 is a rather common port after all, so it might receive its fair share of nontargeted malicious traffic... it's plausible, but I would still consider other reasons...

2nd EDIT: put on a sniffer (for example Wireshark) and have it log the traffic the HTPC receives on 8000, and let's take a look and nail your nosy neighbour :D


It may not have been an attack...that was just my assumption. I had an FTP server on a different computer with that forwarded and I noticed it getting hit ALL the time. I did not have 8001 open before.

P3rv3rt B3ar wrote:Maybe u could do filtering based on the source address field of the IP packet, so that only the IP address space of your cell operator is passed on? Granted, if you're worrying about availability

Also yeah I would like to have it reliable as far as only working with my phone but no others but I may take the chance of having the IP spoofed...I think the odds are less with that.

Can you give me some more info on how to set this up...maybe a link to another page that would explain it.

Thanks for helping me out!!!
scottw
 
Posts: 774
Joined: Mon Feb 06, 2006 4:21 pm
Location: Glen Burnie, Maryland

Re: Port forwarding only from certain MAC

Postby Marbles_00 on Mon Aug 11, 2008 1:40 pm

A link with plenty of info can be found at: http://www.grc.com

After I got hacked a few years back, this site was a godsend. He has an excellent port scan, and if you dive into the site, it can give you a wealth of information on network/internet security.

Another thing is to Google how to set up your router. Sometimes others have posted setup tips to do certain functions.
Marbles_00
 
Posts: 1867
Joined: Wed Apr 06, 2005 12:44 pm
Location: Canada

Re: Port forwarding only from certain MAC

Postby scottw on Mon Aug 11, 2008 4:55 pm

I see that I may be able to just forward the port and have a firewall program block everything to that port except certain IPs. Now this may work, but after looking at the built-in XP firewall it blocks everything except what I have in the exceptions list. I know this is kind of backwards, but I want everything allowed (nothing blocked) except anything that is coming thru port 8000, which I can filter using the IP.

Offhand does anyone know a simple and possibly free program to do this???

Thanks,
scottw
 
Posts: 774
Joined: Mon Feb 06, 2006 4:21 pm
Location: Glen Burnie, Maryland

Re: Port forwarding only from certain MAC

Postby Marbles_00 on Mon Aug 11, 2008 6:50 pm

I think Sygate Personal Firewall might be able to. The last free version was 4.6 and it was pretty good. Not sure what all you can filter, but it is easy to set up. Another good one, which I don't know if it is still around, was Tiny Personal Firewall. It was very configurable. You had to know your shit with that one, but it was really good...and free at one point. But doesn't your router have these sort of settings?
Marbles_00
 
Posts: 1867
Joined: Wed Apr 06, 2005 12:44 pm
Location: Canada

Re: Port forwarding only from certain MAC

Postby scottw on Mon Aug 11, 2008 6:59 pm

Marbles_00 wrote:I think Sygate Personal Firewall might be able to. The last free version was 4.6 and it was pretty good. Not sure what all you can filter, but it is easy to set up. Another good one, which I don't know if it is still around, was Tiny Personal Firewall. It was very configurable. You had to know your shit with that one, but it was really good...and free at one point.

I am trying out Comodo Firewall now, which seems pretty cool....it has a Training mode so you don't get hammered with "Allow or Deny" prompts. You set it to Training mode for a few weeks and it automatically learns what you need open, then switch it to Default mode and look at what policies it made to make sure nothing questionable is in there.
It can also filter by MAC. I set it up to Deny everything on port 8000 except the MAC of my PPC and it seemed to work. I just didn't want to have to deal with all of the popups so I will just keep an eye on it for the first 2 weeks, but even in training mode it did not seem to let anything thru on 8000 which is what I wanted. I will let you know what happens.

Marbles_00 wrote:But doesn't your router have these sort of settings?


Doesn't seem to. I can either forward a port or not forward a port...was not aware of too many routers that will let you do more than that as far as what I am trying to do.
scottw
 
Posts: 774
Joined: Mon Feb 06, 2006 4:21 pm
Location: Glen Burnie, Maryland

Re: Port forwarding only from certain MAC

Postby P3rv3rt B3ar on Mon Aug 11, 2008 8:06 pm

I told u already, don't waste your time with MAC, it won't work over the internet. It works as long as two end systems are connected to the same Ethernet, whether it's physically to the same cable, over a hub or switch, or within wireless range. But as soon as there is one single router between end systems the MAC is discarded, because the router ditches the Ethernet frame and repacks the IP packet for the other link.

It's the whole point of layered architecture: IP doesn't know any details about the underlying network technology including MAC, and it's the reason why IP can be run over such varied networks.
P3rv3rt B3ar
 
Posts: 1364
Joined: Fri Apr 07, 2006 9:52 pm
Location: West Coast Funland
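Added example (not from the thread or from XLobby) showing the point above at the byte level: two constructed Ethernet/IPv4 frames as the HTPC's NIC would receive them from behind the home router, one from the phone and one from an unrelated internet host. The MACs and addresses are hypothetical (documentation ranges); both frames carry the router's MAC as source, so a MAC rule cannot tell them apart while an IP rule can.

```python
import struct

# Hypothetical LAN-side MAC of the router and MAC of the XL machine.
ROUTER_MAC = bytes.fromhex("001122334455")
HTPC_MAC = bytes.fromhex("66778899aabb")
HTPC_IP = bytes([192, 168, 1, 10])
PHONE_IP = bytes([192, 0, 2, 45])        # stands in for the phone's public address
SCANNER_IP = bytes([203, 0, 113, 77])    # stands in for an unrelated internet host


def build_ipv4_header(src, dst, proto=6):
    # version/IHL, TOS, total length, id, flags+fragment, TTL, proto, checksum (left 0), src, dst
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0, src, dst)


def build_frame(src_mac, dst_mac, payload):
    # Ethernet II header: destination MAC, source MAC, EtherType 0x0800 (IPv4)
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + payload


def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def fmt_ip(b):
    return ".".join(str(x) for x in b)


def parse_frame(frame):
    """Return the link-layer (MAC) and network-layer (IP) source and destination of a frame."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    src_ip, dst_ip = struct.unpack("!4s4s", frame[14 + 12:14 + 20])  # IPv4 src/dst at offset 12
    return {"src_mac": fmt_mac(src_mac), "dst_mac": fmt_mac(dst_mac),
            "src_ip": fmt_ip(src_ip), "dst_ip": fmt_ip(dst_ip)}


# The router rewrites the Ethernet header on every forwarded packet, so both
# frames carry the router's MAC as source; only the IP header still differs.
FROM_PHONE = build_frame(ROUTER_MAC, HTPC_MAC, build_ipv4_header(PHONE_IP, HTPC_IP))
FROM_SCANNER = build_frame(ROUTER_MAC, HTPC_MAC, build_ipv4_header(SCANNER_IP, HTPC_IP))


def mac_rule_can_distinguish(frame_a, frame_b):
    """True only if a rule keyed on source MAC could tell the two frames apart."""
    return parse_frame(frame_a)["src_mac"] != parse_frame(frame_b)["src_mac"]


def ip_rule_can_distinguish(frame_a, frame_b):
    """True only if a rule keyed on source IP could tell the two frames apart."""
    return parse_frame(frame_a)["src_ip"] != parse_frame(frame_b)["src_ip"]
```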