Router - Access Restriction
The situation looks like this: (it's highly technically challenging and "human resource" defective ...)
There is a LAN in which the computers are located in apartments. In one apartment there is a Linux router that gives access to the network for some computers, and to the network and Internet for other computers. One bum that only has network access is scanning the network, finding out what IP/MAC addresses are used, changes his own IP/MAC ... and goes out to the Internet without being allowed to. Besides the highly subjective nature of the issue ... how can I restrict this bum from accessing the Internet? I don't have a layer 3 switch and he has absolute rights over his own computer ... so the only way would be to restrict him from the router (other than unplugging him from the switch). I'm all out of ideas so please jump in with a thought. Thank you! P.S. Making fun of me for letting myself get in a situation like this ... is definitely allowed. |
Well, there's a number of solutions. Have you tried the "big stick and a tire iron" way?
|
If he can clone a MAC and IP, and assume the role of any of the other computers on the network, you'll simply have to unplug him from the Ethernet switch. Unless your switch has the capabilities of assigning a specific IP address to a port, or a specific MAC address to a port, I'd just unplug him. Or, you can create a VLAN (virtual LAN) that isolates him, and him only, so that he cannot see the other computers on the network (this is usually a feature of higher-end switches, or managed switches). An important thing to note is that attacks/exploits from the inside are very tough to combat, so aggressive measures need to be taken. My first step, while trying to figure out the more technical methods that I've mentioned above, would be to disconnect him completely.
|
Like I said. Big stick and a tire iron...
|
What about installing another NIC in the router and then attaching that specific computer to the NIC (or through another switch/hub)? Then you should be able to block his access to the Internet. Set it up something like this:
NIC 1: Internet
NIC 2: Bad Guy
NIC 3: Rest of network
Then restrict the bad guy NIC from accessing the Internet, but OK to access the rest of the network. The rest of the network can access the Internet. Something like this should work for you. It would be helpful to know what routing software you are using too. |
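The three-NIC layout from the last post, as an added example that is not part of the thread: a rule generator for a Linux router, assuming iptables is the firewall and that eth0/eth1/eth2 and the two subnets shown (all constructed) map to NIC 1/2/3. The deny rule matches on the ingress interface, which a cloned IP or MAC address does not change.

```shell
#!/bin/sh
# Added example. Interface names and subnets are assumptions, not from the thread.
WAN_IF=eth0                     # NIC 1: Internet
RESTRICTED_IF=eth1              # NIC 2: the restricted host
LAN_IF=eth2                     # NIC 3: rest of the network
RESTRICTED_NET=192.168.20.0/24  # constructed subnet behind NIC 2
LAN_NET=192.168.10.0/24         # constructed subnet behind NIC 3

# Print the rule set in iptables-restore format.
gen_rules() {
cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Anti-spoofing first: an inside NIC may only source from its own subnet.
-A FORWARD -i $RESTRICTED_IF ! -s $RESTRICTED_NET -j DROP
-A FORWARD -i $LAN_IF ! -s $LAN_NET -j DROP
# NIC 2 -> Internet: log, then drop, whatever IP/MAC the host presents.
-A FORWARD -i $RESTRICTED_IF -o $WAN_IF -j LOG --log-prefix "restricted-to-wan: "
-A FORWARD -i $RESTRICTED_IF -o $WAN_IF -j DROP
# Replies to connections that were allowed out.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# NIC 2 <-> NIC 3: local network access stays open.
-A FORWARD -i $RESTRICTED_IF -o $LAN_IF -j ACCEPT
-A FORWARD -i $LAN_IF -o $RESTRICTED_IF -j ACCEPT
# NIC 3 -> Internet.
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# Only the LAN subnet is translated on the way out.
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# "apply" loads the rules (root required); anything else just prints them.
if [ "${1:-}" = "apply" ]; then
    gen_rules | iptables-restore
else
    gen_rules
fi
```

Check the syntax with `iptables-restore --test` before applying. The rules cover IPv4 only, so IPv6 forwarding needs the equivalent in ip6tables.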