http://cr.yp.to/djbdns.html
Jason On Tue, Sep 12, 2006 at 08:38:04AM -0400, Brian Henning wrote: > Heh. Yeah, except we don't currently do in-house DNS (though > eventually, if I ever have time for hobby projects like that, I would > love to set it up..) > > ~B > > Shawn William Taylor wrote: > >Why don't you use an IP rule based on their DNS entry? > >They shouldn't be able to figure that out. > > > >Unless they monitor this list! > > > >:) > > > >shawn > > > > > > > > > > > >"Aaron S. Joyner" <[EMAIL PROTECTED]> > >Sent by: [EMAIL PROTECTED] > >09/11/2006 08:09 PM > >Please respond to > >Triangle Linux Users Group discussion list <[email protected]> > > > > > >To > >Triangle Linux Users Group discussion list <[email protected]> > >cc > > > >Subject > >Re: [TriLUG] MAC-based web blocking > > > > > > > > > > > > > >Brian Henning wrote: > > > >>The reason I don't want to use IP-based rules is that our problem > >>users are probably resourceful enough to try resetting their IPs. > >> > >>But yeah, I was already on that track; glad to have some encouraging > >>suggestions. :-) > >> > >>Thanks! > >>~B > > > >So I'm like 5 days late in replying to this... but do you think they're > >not also resourceful enough to change their MAC addresses? You could do > >it by switch port if you're feeling particularly script-happy (and have > >basic managed switches), but what keeps them from plugging into a new > >switch port? If you're feeling like doing it right, use a managed > >switch and 802.1x to lock them into a separate VLAN, from which > >controlling access is a simple matter of only allowing http through > >squid from the subnet associated with that VLAN. Anything else just > >helps you sleep better at night, thinking you've actually achieved some > >controls they can't get around. But perhaps sleep or plausible > >deniability is all you're really after. > > > >Aaron S. Joyner > > -- > ---------------- > Brian A. Henning > strutmasters.com > 336.597.2397x238 > ---------------- > -- > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug > TriLUG Organizational FAQ : http://trilug.org/faq/ > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ -- ================================================ | Jason Welsh [EMAIL PROTECTED] | | http://monsterjam.org DSS PGP: 0x5E30CC98 | | gpg key: http://monsterjam.org/gpg/ | ================================================ -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
