Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I take computer networking classes at my local college and we use the Internet for research and other proposes. Our instructor is afraid we will get viruses and trojans so she had the college admin to cut off our Internet access. Access is cut off to only our class room. She said he used packet filtering on a Cisco router to accomplish this. I cannot even ping another workstation on the same network. The only thing I can do as far as networking is ping my local box.
My question is, is it possible to use a router and packet filtering to accomplish this and is there a way around it? Our instructor said that there was no way to bypass this type of filtering.
Is it that you are trying to access the internet despite the fact that the school admin doesn't want you to or are you just asking a general question to satisfy your curiosity? If it is the latter, remember the school network and its internet connection belong to the school and not the students. They have every right to limit access. My school allows all computers in every classroom and office to access the internet. If the admin has set up the domain and its directory services correctly then viruses should not endanger the network. They could no doubt cause your workstation to stop functioning normally but shouldn't hurt the network at large.
Yes, if the computers in your classroom are subnetted then the cisco router can stop packet forwarding there rather easily and there is no way to bypass it unless you perform a serious hack. BTW even if your classroom computers are not officially segmented from the rest of the school, I believe most Cisco routers can segment if virtually if nothing else.
The class computers are Windows 2000 machines and the school server is Netware 4.2. I'm not trying to hack the class computers. The instructor gave us a green light to try and get past the packet filtering if we could, but if we do we have to tell her as soon as we get past it.
I don't really find this a good way of blocking Internet access because it also blocks all IP access. I can still see everything that is shared using IXP/SXP.
//mod.note: I think it's a *good* security question, but like Jstew said, for this to succeed you would need to perform some hostile tricks.
Since LQ doesn't do cracker stuff I choose to close this thread.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.