Use Vlans and connect those users to it, no matter the IP the use, they will not be able to communicate using other than the assigned to their subnet. Then, apply the filter on your firewall or proxy.
-----Original Message----- From: Ron DuFresne [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 12, 2002 6:08 PM To: Marc Sahr Cc: [EMAIL PROTECTED] Subject: Re: FW: Restricting User from Changing IP Umm, marc, many many NICs allow this, even the onboard sun NICs can do this. Thanks, Ron DuFresne On Tue, 12 Feb 2002, Marc Sahr wrote: > Huh? How can a hard-coded mac address be changed? It's burned into the > NIC controller chip, and every single network-attached device has a > unique MAC address. I've never heard of being able to change them. > > Marc > > -----Original Message----- > From: Marc DVer [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, February 12, 2002 1:12 PM > To: [EMAIL PROTECTED] > Subject: Re: Restricting User from Changing IP > > > I'm no expert, but as has been stated here, MAC addresses can be changed > very easily. > > If this were my situation, and if I were in a windows enviorment, I > would > lock down the computers using something like Fortres (which I actually > use, > by the way). Just lock down the desktop and users can't change the ip. > > Marc DVer > Head of MIS > White Eagle Laboratories, Inc. > > ----- Original Message ----- > From: "Mike Fetherston" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, February 12, 2002 2:46 PM > Subject: Re: Restricting User from Changing IP > > > > or if no policies are in place restricting the users machine, and > there > > won't be any.. ever... you can limit to IP address and MAC. i.e. set > a > rule > > that states specifically both MAC's and IP's, have your default policy > to > > DENY (of course). > > > > Mike. > > > > ----- Original Message ----- > > From: "Noonan, Wesley" <[EMAIL PROTECTED]> > > To: "'Nick'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > > Sent: Tuesday, February 12, 2002 2:40 PM > > Subject: RE: Restricting User from Changing IP > > > > > > > Build your environment so that there isn't a way around?? Seriously. > > > > > > What OS are the users using? If they aren't administrators on > Windows, I > > > don't think they can change their IP addresses. Sounds like it is > time > to > > > start revoking privileges... > > > > > > Wes Noonan, MCSE/MCT/CCNA/CCDA/NNCSS > > > Senior QA Rep. > > > BMC Software, Inc. > > > (713) 918-2412 > > > [EMAIL PROTECTED] > > > http://www.bmc.com > > > > > > > > > -----Original Message----- > > > From: Nick [mailto:[EMAIL PROTECTED]] > > > Sent: Tuesday, February 12, 2002 13:32 > > > To: [EMAIL PROTECTED] > > > Subject: Restricting User from Changing IP > > > > > > I got some nasty users behind proxying / filtering server,.. > > > sometimes they change their ip address to get out from the > restrictions. > > > > > > What should I do to prevent this ? ( I use iptables ) > > > > > > TIA > > > _______________________________________________ > > > Firewalls mailing list > > > [EMAIL PROTECTED] > > > http://lists.gnac.net/mailman/listinfo/firewalls > > > _______________________________________________ > > > Firewalls mailing list > > > [EMAIL PROTECTED] > > > http://lists.gnac.net/mailman/listinfo/firewalls > > > > > _______________________________________________ > > Firewalls mailing list > > [EMAIL PROTECTED] > > http://lists.gnac.net/mailman/listinfo/firewalls > > > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls This email and any attachments hereto, contain confidential and privileged information intended only for the addressee. Please do not read, copy or disseminate it, unless your are the addressee. If this email is received in error, please notify TRICOM immediately at (809) 476-4146. TRICOM disclaims all responsibility from and accepts no liability for any unauthorized person acting, or refraining from acting, on any information herein contained. Este email y cualquier anexo al mismo, contiene informacion privilegiada y confidencial dirigida solo al destinatario. Por favor no lo lea, copie ni distribuya, a menos que sea el destinatario. Si recibe este email por error, por favor notifique inmediatamente a TRICOM al (809) 476-4146. TRICOM no es responsable por la accion u omision en base a la informacion contenida en este email, de cualquier persona no autorizada. _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
