LinuxQuestions.org


ciop 10-30-2004 06:30 AM

Router - Access Restriction
 
The situation looks like this: (it's highly technically challenging and "human resource" defective ...)

There is a LAN in which the computers are located in apartments.
In one apartment there is a Linux router that gives access to the network for some computers, and to the network and Internet for other computers.
One bum that only has network access is scanning the network, finding out what IP/MAC addresses are used, changes his own IP/MAC ... and goes out to the Internet without being allowed to.

Besides the highly subjective nature of the issue ... how can I restrict this bum from accessing the Internet?

I don't have a layer 3 switch and he has absolute rights over his own computer ... so the only way would be to restrict him from the router (other than unplugging him from the switch).

I'm all out of ideas so please jump in with a thought.

Thank you !

P.S. Making fun of me for letting myself get in a situation like this ... is definitely allowed.

m00t00 10-30-2004 08:36 AM

Well, there's a number of solutions. Have you tried the "big stick and a tire iron" way?

neilman 10-30-2004 10:00 AM

If he can clone a MAC and IP, and assume the role of any of the other computers on the network, you'll simply have to unplug him from the Ethernet switch. Unless your switch has the capabilities of assigning a specific IP address to a port, or a specific MAC address to a port, I'd just unplug him. Or, you can create a VLAN (virtual LAN) that isolates him, and him only, so that he cannot see the other computers on the network (this is usually a feature of higher end switches, or managed switches). An important thing to note is that attacks/exploits from the inside are very tough to combat, so aggressive measures need to be taken. My first step, while trying to figure out the more technical methods that I've mentioned above, would be to disconnect him completely.

m00t00 10-30-2004 10:28 AM

Like I said. Big stick and a tire iron...

shmude 11-01-2004 09:27 PM

What about installing another NIC in the router and then attaching that specific computer to the NIC (or through another switch/hub)? Then you should be able to block his access to the Internet. Set it up something like this:

NIC 1: Internet
NIC 2: Bad Guy
NIC 3: Rest of network


Then restrict the bad guy NIC from accessing the Internet, but OK to access the rest of the network. The rest of the network can access the Internet.
Something like this should work for you. It would be helpful to know what routing software you are using too.
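
The three-NIC layout suggested above, sketched as a forwarding policy. This is an added example, not part of the thread; it assumes the router filters with iptables and already forwards packets, and the interface names are hypothetical. The rules match on the inbound interface, so a host on the isolated NIC gains nothing by changing its IP or MAC address.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a three-NIC router.
# Interface names are assumptions; replace them with the router's real devices.
WAN_IF="${WAN_IF:-eth0}"            # NIC 1: Internet
ISOLATED_IF="${ISOLATED_IF:-eth1}"  # NIC 2: the untrusted host
LAN_IF="${LAN_IF:-eth2}"            # NIC 3: rest of network

# gen_rules WAN ISOLATED LAN: print the filter table on stdout.
gen_rules() {
    wan="$1"; iso="$2"; lan="$3"
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies belonging to connections that were already allowed
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Rest of network may open connections to the Internet
-A FORWARD -i $lan -o $wan -j ACCEPT
# Isolated NIC and rest of network may talk to each other
-A FORWARD -i $iso -o $lan -j ACCEPT
-A FORWARD -i $lan -o $iso -j ACCEPT
# Isolated NIC to Internet: log the attempt, then drop it
-A FORWARD -i $iso -o $wan -j LOG --log-prefix "isolated-wan-drop: "
-A FORWARD -i $iso -o $wan -j DROP
COMMIT
EOF
}

# Print the ruleset; review it, then load it as root with: iptables-restore < file
gen_rules "$WAN_IF" "$ISOLATED_IF" "$LAN_IF"
```

The default FORWARD policy is DROP, so the explicit isolated-to-Internet DROP rule exists only to pair with the LOG line and record attempts in the kernel log.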

