Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
10-30-2004, 07:30 AM
|
#1
|
LQ Newbie
Registered: Feb 2004
Location: Bucharest
Posts: 3
Rep:
|
Router - Access Restriction
The situation looks like this: (it's highly technically challenging and "human resource" defective ...)
There is a LAN in which the computers are located in apartments.
In one apartment there is a Linux router that gives access to the network for some computers, and to the network and Internet for other computers.
One bum that only has network access is scanning the network, finding out what IP/MAC addresses are used, changes his own IP/MAC ... and goes out to the Internet without being allowed to.
Besides the highly subjective nature of the issue ... how can I restrict this bum from accessing the Internet?
I don't have a layer 3 switch and he has absolute rights over his own computer ... so the only way would be to restrict him from the router (other than unplugging him from the switch).
I'm all out of ideas so please jump in with a thought.
Thank you!
P.S. Making fun of me for letting myself get in a situation like this ... is definitely allowed.
|
|
|
10-30-2004, 09:36 AM
|
#2
|
Member
Registered: Sep 2004
Distribution: Slackware 10, Gentoo
Posts: 292
Rep:
|
Well, there's a number of solutions. Have you tried the "big stick and a tire iron" way?
|
|
|
10-30-2004, 11:00 AM
|
#3
|
Member
Registered: Oct 2004
Location: Northville, MI
Distribution: Slackware
Posts: 65
Rep:
|
If he can clone a MAC and IP, and assume the role of any of the other computers on the network, you'll simply have to unplug him from the Ethernet switch. Unless your switch has the capabilities of assigning a specific IP address to a port, or a specific MAC address to a port, I'd just unplug him. Or, you can create a VLAN (virtual LAN) that isolates him, and him only, so that he cannot see the other computers on the network (this is usually a feature of higher end switches, or managed switches). An important thing to note is that attacks/exploits from the inside are very tough to combat, so aggressive measures need to be taken. My first step, while trying to figure out the more technical methods that I've mentioned above, would be to disconnect him completely.
|
|
|
10-30-2004, 11:28 AM
|
#4
|
Member
Registered: Sep 2004
Distribution: Slackware 10, Gentoo
Posts: 292
Rep:
|
Like I said. Big stick and a tire iron...
|
|
|
11-01-2004, 10:27 PM
|
#5
|
Member
Registered: Aug 2003
Distribution: Fedora, DSL, LAS, Knoppix
Posts: 83
Rep:
|
What about installing another NIC in the router and then attaching that specific computer to the NIC (or through another switch/hub)? Then you should be able to block his access to the Internet. Set it up something like this:
NIC 1: Internet
NIC 2: Bad Guy
NIC 3: Rest of network
Then restrict the bad guy NIC from accessing the Internet, but OK to access the rest of the network. The rest of the network can access the Internet.
Something like this should work for you. It would be helpful to know what routing software you are using too.
|
|
|
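The three-NIC layout from post #5 written as an iptables forwarding policy, as an added example that is not part of the thread. The interface names, the separate subnet on NIC 2 and the `verdict` helper are assumptions; IP forwarding and any NAT are taken to be configured already.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names are assumptions:
WAN_IF=eth0   # NIC 1: Internet
ISO_IF=eth1   # NIC 2: the untrusted host, on its own subnet
LAN_IF=eth2   # NIC 3: rest of the network

# Emit the filter table in iptables-restore format so it can be reviewed first.
gen_rules() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies for connections that were allowed when they started
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Rest of network -> Internet
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
# Untrusted host <-> rest of network
-A FORWARD -i $ISO_IF -o $LAN_IF -j ACCEPT
-A FORWARD -i $LAN_IF -o $ISO_IF -j ACCEPT
# Untrusted host -> Internet: matched on the ingress NIC, not on IP or MAC
-A FORWARD -i $ISO_IF -o $WAN_IF -j LOG --log-prefix "ISO-WAN-DENY: "
-A FORWARD -i $ISO_IF -o $WAN_IF -j REJECT
COMMIT
EOF
}

# Hypothetical helper: verdict for a NEW connection entering on $1 and leaving
# on $2 (first terminating match in the generated rules, else chain policy).
verdict() {
    gen_rules | awk -v in_if="$1" -v out_if="$2" '
        /^:FORWARD/ { policy = $2 }
        /^-A FORWARD/ && !/ctstate/ {
            i = o = t = ""
            for (n = 1; n < NF; n++) {
                if ($n == "-i") i = $(n + 1)
                if ($n == "-o") o = $(n + 1)
                if ($n == "-j") t = $(n + 1)
            }
            if (t != "LOG" && !hit && (i == "" || i == in_if) &&
                (o == "" || o == out_if)) hit = t
        }
        END { print (hit ? hit : policy) }'
}

# "apply" loads the rules (replaces the current filter table, needs root);
# any other invocation only prints them.
if [ "${1:-}" = "apply" ]; then gen_rules | iptables-restore; else gen_rules; fi
```

Because the deny rule keys on the NIC the packet arrives on, changing the IP or MAC on the untrusted host does not move it into the allowed path; the LOG prefix gives a line to watch for repeated attempts.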
All times are GMT -5. The time now is 07:36 AM.