Old 10-30-2004, 07:30 AM   #1
LQ Newbie
Registered: Feb 2004
Location: Bucharest
Posts: 3

Rep: Reputation: 0
Router - Access Restriction

The situation looks like this: (it's highly technically challenging and "human resource" defective ...)

There is a LAN in which the computers are located in apartments.
In one apartment there is a Linux router that gives access to the network for some computers, and to the network and Internet for other computers.
One bum that only has network access is scanning the network, finding out what IP/MAC addresses are used, changes his own IP/MAC ... and goes out to the Internet without being allowed to.

Besides the highly subjective nature of the issue ... how can I restrict this bum from accessing the Internet?

I don't have a layer 3 switch and he has absolute rights over his own computer ... so the only way would be to restrict him from the router (other than unplugging him from the switch).

I'm all out of ideas so please jump in with a thought.

Thank you !

P.S. Making fun of me for letting myself get in a situation like this ... is definitely allowed.
Old 10-30-2004, 09:36 AM   #2
Registered: Sep 2004
Distribution: Slackware 10, Gentoo
Posts: 292

Rep: Reputation: 30
Well, there's a number of solutions. Have you tried the "big stick and a tire iron" way?
Old 10-30-2004, 11:00 AM   #3
Registered: Oct 2004
Location: Northville, MI
Distribution: Slackware
Posts: 65

Rep: Reputation: 15
If he can clone a MAC and IP, and assume the role of any of the other computers on the network, you'll simply have to unplug him from the Ethernet switch. Unless your switch has the capabilities of assigning a specific IP address to a port, or a specific MAC address to a port, I'd just unplug him. Or, you can create a VLAN (virtual LAN) that isolates him, and him only, so that he cannot see the other computers on the network (this is usually a feature of higher end switches, or managed switches). An important thing to note is that attacks/exploits from the inside are very tough to combat, so aggressive measures need to be taken. My first step, while trying to figure out the more technical methods that I've mentioned above, would be to disconnect him completely.
Old 10-30-2004, 11:28 AM   #4
Registered: Sep 2004
Distribution: Slackware 10, Gentoo
Posts: 292

Rep: Reputation: 30
Like I said. Big stick and a tire iron...
Old 11-01-2004, 10:27 PM   #5
Registered: Aug 2003
Distribution: Fedora, DSL, LAS, Knoppix
Posts: 83

Rep: Reputation: 15
What about installing another NIC in the router and then attaching that specific computer to the NIC (or through another switch/hub)? Then you should be able to block his access to the Internet. Set it up something like this:

NIC 1: Internet
NIC 2: Bad Guy
NIC 3: Rest of network

Then restrict the bad guy NIC from accessing the Internet, but OK to access the rest of the network. The rest of the network can access the Internet.
Something like this should work for you. It would be helpful to know what routing software you are using too.
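
The three-NIC layout from post #5, sketched as an added example that is not part of any post in this thread. It assumes the router filters with iptables and that each NIC is its own routed subnet; the interface names (eth0, eth1, eth2) and the function names `gen_rules` and `verdict` are assumptions. The rules match on the ingress interface rather than on source address, so changing IP or MAC on the isolated port does not change the outcome.

```shell
#!/bin/sh
# Added example: emit an iptables-restore FORWARD ruleset for the layout
#   NIC 1 = Internet, NIC 2 = isolated host, NIC 3 = rest of network.
# Interface names are assumptions; pass the router's real ones as arguments.
gen_rules() {
    wan=$1 bad=$2 lan=$3
    # Each role needs its own interface, otherwise the rules are ambiguous.
    if [ -z "$wan" ] || [ -z "$bad" ] || [ -z "$lan" ] ||
       [ "$wan" = "$bad" ] || [ "$wan" = "$lan" ] || [ "$bad" = "$lan" ]; then
        echo "gen_rules: need three distinct interfaces" >&2
        return 1
    fi
    # Default-deny forwarding. The two DROP rules come before the conntrack
    # rule so nothing between the isolated port and the Internet is ever
    # accepted, whatever source IP or MAC the packet carries.
    cat <<EOF
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $bad -o $wan -j DROP
-A FORWARD -i $wan -o $bad -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $bad -o $lan -j ACCEPT
-A FORWARD -i $lan -o $bad -j ACCEPT
COMMIT
EOF
}

# Offline check, no root needed: first-match verdict for a NEW connection
# entering on interface $1 and leaving on $2. Remaining args go to gen_rules.
# Only "-i X -o Y -j TARGET" rules are considered; the conntrack rule never
# matches the first packet of a connection, so it is skipped.
verdict() {
    from=$1 to=$2
    shift 2
    v=$(gen_rules "$@" | while read -r a chain i rin o rout j target; do
        [ "$a $i $o $j" = "-A -i -o -j" ] || continue
        if [ "$rin" = "$from" ] && [ "$rout" = "$to" ]; then
            echo "$target"
            break
        fi
    done)
    echo "${v:-DROP}"    # nothing matched: the chain policy applies
}
```

Check the output with `gen_rules eth0 eth1 eth2 | iptables-restore --test` before loading it. A plain `iptables-restore` replaces the whole filter table, so merge in the router's existing INPUT and OUTPUT rules first.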