Hi guys!
I've been running iptraf and arpwatch hand-in-hand to monitor network
traffic/loading within my network and at the same time to keep track of IP
address pairings passing within. And so far, after running it for a
couple of days, I have discovered some malicious connections.
Several networks are connected within my LAN to have internet access. I
have one small room (their switch hub patched to one of my switch
ports) leasing dynamic IP Addresses from my LINUX box running as DHCP/Proxy
Server for the workstations in that LAN. (3 Static IP addresses were
assigned to their NT Servers)
NOTE: all other in-building clients connected to several switches within
the building were assigned STATIC IP Addresses from my IP Address Pool to
get internet access.
Here's the issue...
1. Computers from that single room that were being served/leased by my
Linux DHCP/Proxy Server with dynamic IP Addresses are somehow not
getting any lease from the server. From my messages log file, it says...
"192.168.1.23 no free lease on subnet blah, blah, blah...."
Question: How can I prevent these winblowz PCs from getting into my
system? It's very annoying since they were also recorded in my system's
ARP cache.
2. I have this whole chunk of /24 network. (111.222.333.0). And so far
after taking a deeper look in my IP Address Allocation Table, I have used
almost half of it (around 192 IP Addresses to be exact). Now, I discovered
that some winblowz workstations within the building are pulling out some
unused/undesignated IP Addresses within my pool. They are manually
assigning IP addresses on their workstations.
Question: How can I prevent this? How can I also deny connections from
these workstations? They are also using my proxy server to surf the net.
Thank you so much in advance,
Val
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
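
Added example, not part of the original message: a Python sketch that cross-checks the IP/MAC pairings arpwatch records against an allocation table, flagging addresses in the pool that were never assigned and assigned addresses seen with a different MAC. The pool 192.0.2.0/24, the allocation table, the sample lines and the tab-separated arp.dat layout are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data; 192.0.2.0/24 stands in for the real address pool.
POOL = ipaddress.ip_network("192.0.2.0/24")

# Hypothetical allocation table: assigned IP -> MAC registered for it.
ALLOCATED = {
    "192.0.2.10": "00:a0:c9:11:22:33",
    "192.0.2.11": "00:a0:c9:44:55:66",
}

# Constructed lines in the layout assumed for arpwatch's arp.dat:
# MAC <tab> IP <tab> timestamp <tab> hostname
ARP_DAT = (
    "0:a0:c9:11:22:33\t192.0.2.10\t1012345678\tws10\n"
    "0:a0:c9:44:55:66\t192.0.2.11\t1012345700\tws11\n"
    "0:50:4:aa:bb:cc\t192.0.2.11\t1012349999\t\n"
    "0:10:5a:de:ad:1\t192.0.2.200\t1012350000\t\n"
    "0:10:5a:0:0:7\t192.168.1.23\t1012350100\t\n"
)

def norm_mac(mac):
    # Assumption: MACs may be written without leading zeros; pad each octet.
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def audit(arp_dat, allocated, pool):
    """Return (kind, ip, mac) for every pairing that violates the table."""
    findings = []
    for line in arp_dat.splitlines():
        fields = line.split("\t")
        if len(fields) < 2:
            continue  # skip malformed lines
        try:
            ip = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # skip lines whose second field is not an IP address
        if ip not in pool:
            continue  # only audit addresses inside the managed pool
        mac = norm_mac(fields[0])
        owner = allocated.get(str(ip))
        if owner is None:
            findings.append(("unallocated", str(ip), mac))
        elif norm_mac(owner) != mac:
            findings.append(("mac-mismatch", str(ip), mac))
    return findings

if __name__ == "__main__":
    for kind, ip, mac in audit(ARP_DAT, ALLOCATED, POOL):
        print(f"{kind:13} {ip:15} {mac}")
```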