What can be done to prevent unauthorized hosts from getting access to my network? In other words what would prevent someone from plugging into my hub and getting an ip? I could give ips to only certain hardware addresses but couldn't someone set a static on within an acceptable range?

In samba i could set hosts allow, but that just limits access based on ip's = hostname in lmhosts; correct? I think a machine with the an acceptable ip would get access even if the netbios name did not match.

ideas? RH7.2, Samba with windows xp and 98 clients

Short answer - given time and opportunity, bugger all.

But..... you can make it difficult.

Replace the hub(s) with a layer 3 switch (es) and read up on ACLs.

Restrict each (switch) port to a specific MAC address and block unused ports (so to spoof a MAC address, they have to pull something off the network - your users _may_ notice when someone nicks their connection.)

You could set the ACLs so that the MAC address can't reconnect to the port within a certain period of time (1/2 hr ?), but this is flaky if J Random Luser reboots his machine a lot.

Unfortunately, in XP and 2000 you can change the MAC address on your machine to whatever you want, so an ACL based around MAC addresses is breakable, but not too bad.

Howzit

If your server is running as a DHCP server as well, then u could creat rules that only those MAC are accpeted by the DHCP server and all others will not get a addr. To get these addr and MAC addr try using the cmd arp -a

chow