I would think you would discourage students more by blocking YouTube, MySpace & IM ports. That limits the usefulness of spoofing.
Bruce Osborne Liberty University -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Cal Frye Sent: Thursday, June 12, 2008 5:28 PM To: [email protected] Subject: Re: [CLEANACCESS] L3 Inband filter Riegert, Timothy J. wrote: > I would > assume that we have to filter gaming systems by assigning them specific > IP addresses (since there are multiple hops to the CAS', prohibiting mac > filtering), that we then add to a subnet filter. > > What is everyone doing to prevent users from manually assigning IP > addresses that are in the filter (I guess the problem still exists with > users manipulating mac-addresses in L2 mode)? Hi, Tim. Sorry to hear you can't do MAC filtering directly for game systems, that's really more effective. But still the temptation is to register a PC as a game system as a means to attempt to avoid scrutiny. Here, my game system role is somewhat limited, in that game systems really don't need to do things on your campus much, like visit your own web servers, mail server, etc. All the need is Internet access and to chat with their friends in the residence halls. A PC that can't get your email, print to your printers, work with Library resources, and the like is probably going to discourage them from continuing the impersonation, don't you think. And if they're satisfied with that restricted access, you're still better off than you were... -- Regards, -- Cal Frye, Network Administrator, Oberlin College www.calfrye.com, www.pitalabs.com "There is something contagious about demanding freedom. --Robin Morgan.
