Helge Winberg wrote:
> I have a public network with 60 nodes on the LAN.
> 5 of those nodes run some Kazaa, Napster, eDonkey... app.
>
> The problem is as follows:
> 1) They use different ports all the time.
> 2) The network is open, so new machines are on tomorrow.
> 3) Traffic Shaper wizard doesn't catch the problem.
> 4) No way to block single MAC address (only allow)
>
> What I really miss is a way to block a single user's MAC address - OR
> a way to distribute traffic evenly to clients no matter what they do.
>
> Please Help..
>

No chance without a good ALG or a hard policy for internet use.

1. If you want to filter by MAC or by IP (DHCP, static), the user can change his MAC within 1 minute, so the filtering is for the birds.
2. A better way is only allowing the "standard" ports for outgoing traffic, but if the user is smart enough he tunnels the traffic through an allowed port. Now you can implement a proxy with ACLs, but the user can now use HTTPS for tunneling and an unknown server as endpoint, and you are once more the loser.

The easiest way is to add the existing (I hope you have one) policy for the use of the internet out of your managed net:

1. The use of P2P clients like Kazaa etc. is forbidden.
2. Tunneling is forbidden.
3. Violation costs 1000€ and the order to stay away from the house.

This sounds hard, but if you are the owner or the responsible person of the internet access it is your own chance.

bye
Christoph
