> now was slightly worried that if 192.168.0.10 machine is switched off,
> someone can assign 192.168.0.10 to his/her machine and access net.
>
> my method is not good though, and would appreciate if anyone can provide
> something better.

If your network is small, you can probably try scanning the arp table at regular intervals and then find out if someone is using an ip address not assigned to the mac address of that card. When you find out a rogue machine using an ip address, ban its mac address from the network and talk to the user.

If you are doing this in a normal office environment and you feel that this can be an issue, then I guess you need better users or probably a more sophisticated firewalling solution. Probably you might need to use or develop some code that will allow you to do mac address level screening at the firewall. Note that a user could probably also change the mac address of his card to match that of a taken over machine, so this method is not completely foolproof.

The only real solution would be to have some kind of user authentication other than mac addresses and ip addresses. You might want to check out products that allow access to firewalled resources only after they have successfully authenticated. Probably this might mean setting up a proxy, but if you have a hostile environment, then plugging leaks is not a good security system. Rather a system where you only allow access to properly authenticated users is a good idea.
If you have people who are sophisticated enough to change ip addresses and mac addresses, you will probably need professional help as the users will be quite sophisticated. In schools and colleges this can be a big problem, but you can find solutions specially tailored for this kind of user. Don't expect an oss/free solution. Most security/firewall products are quite expensive and this is not the kind of use that most oss firewalls (Linux/*BSD) will address properly.

Ambar

================================================
To unsubscribe, send email to [EMAIL PROTECTED] with unsubscribe in subject header.
Check archives at http://www.mail-archive.com/ilugd%40wpaa.org
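The ARP-table check suggested in the reply above, as an added example that is not part of the original post: it compares resolved ARP entries against an inventory of which card should hold which address. The Linux `/proc/net/arp` layout, the `EXPECTED` inventory, the sample table and the function names are all assumptions made for illustration.

```python
"""Compare ARP-table entries against an expected IP-to-MAC inventory."""

# Constructed inventory (assumption): the IP each known card should use.
EXPECTED = {
    "192.168.0.10": "00:16:3e:aa:00:10",
    "192.168.0.11": "00:16:3e:aa:00:11",
}

# Constructed sample in the Linux /proc/net/arp layout.
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.0.10     0x1         0x2         00:16:3E:AA:00:99     *        eth0
192.168.0.11     0x1         0x2         00:16:3e:aa:00:11     *        eth0
192.168.0.12     0x1         0x2         00:16:3e:aa:00:10     *        eth0
192.168.0.13     0x1         0x0         00:00:00:00:00:00     *        eth0
"""


def parse_arp(text):
    """Return (ip, mac) pairs for resolved entries, skipping the header."""
    entries = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        if flags & 0x2 == 0:  # ATF_COM not set: entry is incomplete
            continue
        entries.append((ip, mac))
    return entries


def find_mismatches(entries, expected):
    """Flag addresses held by a card other than the one they are assigned to."""
    mac_to_ip = {mac: ip for ip, mac in expected.items()}
    findings = []
    for ip, mac in entries:
        if ip in expected and expected[ip] != mac:
            findings.append((ip, mac, "ip assigned to " + expected[ip]))
        elif ip not in expected and mac in mac_to_ip:
            findings.append((ip, mac, "card assigned " + mac_to_ip[mac]))
        elif ip not in expected:
            findings.append((ip, mac, "unknown ip and mac"))
    return findings


if __name__ == "__main__":
    for ip, mac, reason in find_mismatches(parse_arp(SAMPLE_ARP), EXPECTED):
        print(f"{ip} is at {mac}: {reason}")
```

As the reply notes, a machine that also copies the assigned card's mac address matches the inventory and produces no finding, so this check only catches the address-only takeover.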