>You can do better than this if you use a switch that allows head-end
>restriction of what IP addresses (or MAC addresses; I'm a bit hazy on how
>this works) can connect to each port, [...]

I checked the manuals of the four VH-2402S switches we use and yes, I can restrict the use of a certain port to one or more specific MAC addresses.

Internet access isn't restricted to certain users (since the costs are covered by generally raising the rent). The only use of authentication would be a reliable link between an IP address and a user.

Would it be possible to create a ruleset that checks for MAC *and* IP addresses? Combined with by-port restriction of MAC addresses this should do the job. Perhaps a cron entry that checks by ARP if a specific IP is linked to the right MAC address would do in case the firewall ruleset can't?

I could create a script that allows users to remotely update their MAC addresses, given that they have to (securely) log in first, in order to keep them happy / my mailbox empty. :)

>And it [restricting MAC addresses] is far from perfect; you are
>still vulnerable to MAC-address spoofing.

This isn't quite clear to me - how? There's no point in changing my MAC address if my port is restricted to another one - or am I getting something wrong?

>Every system on the LAN needs to be
>protected somehow from other LAN systems.

I agree, just like you wrote, that a 'head-end' solution for this would be quite out of scale for a dormitory. Internal protection will be everyone's own affair, although I plan to provide some tips and tutorials (e.g. where to find free firewalls and AV software or how to use them).

Thanks very much, Ray, Alex, Chris and Mohan, you already helped me a lot!

Seeya,
Björn
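
The cron-driven ARP check proposed in the message above, as an added example (not part of the original post and not LEAF project code). The bindings file format, the function names and the sample addresses are assumptions constructed for illustration; on the router the second argument would be `/proc/net/arp`.

```shell
#!/bin/sh
# Added example: audit the router's ARP table against registered IP/MAC pairs.
# The bindings file format ("<ip> <mac>" per line) is an assumption.

# check_arp BINDINGS ARP_TABLE
# ARP_TABLE is a file in /proc/net/arp format. Prints one line per problem
# and returns 1 if any was found, so cron can mail the output.
check_arp() {
    awk '
        FILENAME == ARGV[1] {                 # registered bindings
            if (NF >= 2 && $1 !~ /^#/) want[$1] = tolower($2)
            next
        }
        FNR == 1 { next }                     # /proc/net/arp header row
        $3 == "0x0" { next }                  # incomplete entry, no MAC learned
        {
            ip = $1; mac = tolower($4)
            if (!(ip in want)) {
                print "UNREGISTERED " ip " used by " mac; bad = 1
            } else if (want[ip] != mac) {
                print "MISMATCH " ip " expected " want[ip] " saw " mac; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1" "$2"
}

# Constructed sample data (not taken from a real network).
sample_bindings() {
    cat <<'EOF'
# ip          mac
192.168.1.10  02:00:00:00:00:0A
192.168.1.11  02:00:00:00:00:0b
EOF
}
sample_arp() {
    cat <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.10     0x1         0x2         02:00:00:00:00:0a     *        eth1
192.168.1.11     0x1         0x2         02:00:00:00:00:99     *        eth1
192.168.1.12     0x1         0x2         02:00:00:00:00:0c     *        eth1
192.168.1.13     0x1         0x0         00:00:00:00:00:00     *        eth1
EOF
}

# Demo run on the constructed data.
tmp=$(mktemp -d)
sample_bindings > "$tmp/bindings"
sample_arp > "$tmp/arp"
check_arp "$tmp/bindings" "$tmp/arp" || echo "ARP audit found problems"
rm -rf "$tmp"
```

The ARP table only lists hosts the router has exchanged traffic with recently, so each run audits the currently active stations. A host presenting both the registered IP and the registered MAC passes this check, which is the case the per-port MAC restriction on the switch is meant to cover.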