> now was slightly worried that if 192.168.0.10 machine is switched off,
> someone can assign 192.168.0.10 to his/her machine and access net.
>
> my method is not good though, and would appreciate if anyone can provide
> something better.
If your network is small, you can probably try scanning the arp table at
regular intervals and then find out if someone is using an ip address not
assigned to the mac address of that card. When you find out a rogue machine
using an ip address, ban its mac address from the network and talk to the
user. If you are doing this in a normal office environment and you feel that
this can be an issue, then I guess you need better users or probably a more
sophisticated firewalling solution. Probably you might need to use or
develop some code that will allow you to do mac address level screening at
the firewall. Note that a user could probably also change the mac address of
his card to match that of a taken over machine, so this method is not
completely foolproof. The only real solution would be to have some kind of
user authentication other than mac addresses and ip addresses. You might
want to check out products that allow access to firewalled resources only
after they have successfully authenticated. Probably this might mean setting
up a proxy, but if you have a hostile environment, then plugging leaks is
not a good security system. Rather a system where you only allow access to
properly authenticated users is a good idea.

If you have people who are sophisticated enough to change ip addresses and
mac addresses, you will probably need professional help as the users will be
quite sophisticated. In schools and colleges this can be a big problem, but
you can find solutions specially tailored for this kind of users. Don't
expect an oss/free solution. Most security/firewall products are quite
expensive and this is not the kind of use that most oss firewalls
(Linux/*BSD) will address properly.

Ambar
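The periodic ARP-table check described in the reply above, as an added example (not code from this thread): it parses `arp -an` output and compares each entry against a table of which MAC each address was assigned to. The ARP output and the assignment table are constructed samples.

```python
import re

# Constructed sample of `arp -an` output (Linux format); not real data.
SAMPLE_ARP = """\
? (192.168.0.1) at 00:11:22:33:44:01 [ether] on eth0
? (192.168.0.10) at 00:11:22:33:44:0a [ether] on eth0
? (192.168.0.11) at 00:11:22:33:44:ff [ether] on eth0
? (192.168.0.12) at <incomplete> on eth0
? (192.168.0.50) at 00:11:22:33:44:50 [ether] on eth0
"""

# Hypothetical allocation table: the MAC each address was handed out to.
ASSIGNED = {
    "192.168.0.1": "00:11:22:33:44:01",
    "192.168.0.10": "00:11:22:33:44:0a",
    "192.168.0.11": "00:11:22:33:44:0b",
}

ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-f:]{17})", re.I)


def parse_arp(text):
    """Return {ip: mac} from `arp -an` output; <incomplete> entries are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table


def find_rogues(arp_table, assigned):
    """List (ip, mac, reason) for addresses whose observed MAC differs from
    the assigned one, or that were never assigned to anyone at all.
    A machine that cloned both the IP and the MAC of an absent host looks
    identical to the real one here, which is the gap the reply points out."""
    rogues = []
    for ip, mac in sorted(arp_table.items()):
        expected = assigned.get(ip)
        if expected is None:
            rogues.append((ip, mac, "unassigned address in use"))
        elif expected.lower() != mac:
            rogues.append((ip, mac, f"expected {expected}"))
    return rogues


if __name__ == "__main__":
    # In a cron job, replace SAMPLE_ARP with the real output of `arp -an`.
    for ip, mac, why in find_rogues(parse_arp(SAMPLE_ARP), ASSIGNED):
        print(f"ALERT {ip} seen at {mac}: {why}")
```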

To unsubscribe, send email to [EMAIL PROTECTED] with unsubscribe in subject 
header. Check archives at http://www.mail-archive.com/ilugd%40wpaa.org