Stefan Winter wrote:
> * DHCP logging+firewall locks: some participants in eduroam go to great
> lengths: they issue IP addresses with DHCP *and* lock all currently unleased
> IP addresses so that a change of IP address by a malicious user will either
> be caught by the firewall or lead to a clash and thereby disturb connectivity
> for him. Drawback: the approach is quite sophisticated and depends on a
> seamless interaction between DHCP and firewall equipment.
>
We do exactly this (opening access only for pairs MAC+IP) using a
dedicated Linux box which serves both as the DHCP server and a firewall
for the wireless network.
This works quite fine.
Tomasz
--
Tomasz Wolniewicz
[EMAIL PROTECTED] http://www.home.umk.pl/~twoln
Uczelniane Centrum Informatyczne Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University,
pl. Rapackiego 1, Torun pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750 fax: +48-56-622-1850 tel kom.: +48-693-032-576
_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
