Re: i can't block win98 computers

From: Greg Barniskis (nalists_at_scls.lib.wi.us)
Date: 08/16/05

    Date: Tue, 16 Aug 2005 08:50:40 -0500
    To: vladone <vladone@spaingsm.com>
    
    

    vladone wrote:
    > Thanks all for the replies!
    > Now:
    > 1. I tried to permit only good MACs and deny everything else, but it does not work. Win98
    > still has internet.
    > 2. One solution is probably to block access for Win98 computers to any on port 53 and block the DNS
    > service in this way, but this solution is a little strange.

    When a client just won't behave, sometimes the only solution is an
    ugly workaround. Or upgrading the client. We banned Win98 on our
    network (long before it was end-of-life) because of the load it
    placed on IT staff with its rotten stability and oddities. It was
    cheaper to upgrade the PCs than it was to dedicate support staff to
    applying bandages to Win98.

    > 3. I don't understand how tcpdump works. I used: #tcpdump -i fxp0,
    > but I don't see all traffic, and after closing tcpdump I see a great
    > number of packets dropped by kernel, without any rule for this.

    This probably means that your CPU isn't powerful enough for the load
    you are putting on it with this particular task. I used to be able
    to effectively tcpdump our core LAN using a Pentium II, but that was
    a long time ago, and that laptop is now only suitable for sniffing
    on low density edge LANs. Short of upgrading, I'm sure there are
    things you can do to tune the tcpdump and kernel behaviors; search
    the archives for more information (or maybe someone will jump in
    here with the appropriate syntax).

    If you have a smart switch, you should also be able to reflect all
    traffic onto one port and attach a separate sniffer device there
    instead of dumping on the firewall itself.

    > 4. With "arp -a" I also see the MAC for Win98 computers. I tried to delete
    > entries in the arp table for Win98 hosts, but nothing.
    >
    > It would be great if somebody has experience with this situation, or has tested
    > some solutions for this problem.

    Another approach might be to use DHCP reservations (or, ugly,
    manually configured IP settings on each PC), and if possible, smart
    switch VLANs, to segregate Win98 clients onto their own subnet and
    simply filter by IP address.

    -- 
    Greg Barniskis, Computer Systems Integrator
    South Central Library System (SCLS)
    Library Interchange Network (LINK)
    <gregb at scls.lib.wi.us>, (608) 266-6348
    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
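
The DHCP-reservation approach suggested in the message above, sketched as an added example that is not part of the original post: a small script that turns an inventory of Win98 MAC addresses into reservations on a dedicated subnet and into the address list a firewall can filter on. ISC dhcpd, pf, the subnet 192.168.98.0/24, the file name /etc/pf.win98 and all host names and MACs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: Win98 MAC inventory -> DHCP reservations + firewall address list.
# Assumptions (not from the thread): ISC dhcpd, pf, subnet 192.168.98.0/24.
SUBNET_PREFIX="192.168.98"   # constructed subnet reserved for Win98 clients
FIRST_HOST=10                # first host number handed out

# valid_mac MAC: succeeds only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# assign: read "name mac" lines on stdin, print "name mac ip" per accepted entry.
# Comments, malformed MACs and duplicate MACs are skipped with a note on stderr.
assign() {
    n=$FIRST_HOST; seen=""
    while read -r name mac rest; do
        case "$name" in ''|'#'*) continue ;; esac
        mac=$(printf '%s' "$mac" | tr 'A-F' 'a-f')
        if ! valid_mac "$mac"; then echo "skip $name: bad MAC" >&2; continue; fi
        case " $seen " in *" $mac "*) echo "skip $name: duplicate MAC" >&2; continue ;; esac
        if [ "$n" -gt 254 ]; then echo "subnet full at $name" >&2; return 1; fi
        seen="$seen $mac"
        echo "$name $mac $SUBNET_PREFIX.$n"
        n=$((n + 1))
    done
}

# dhcpd_hosts: "name mac ip" lines -> ISC dhcpd host declarations.
dhcpd_hosts() {
    while read -r name mac ip; do
        printf 'host %s {\n  hardware ethernet %s;\n  fixed-address %s;\n}\n' "$name" "$mac" "$ip"
    done
}

# pf_table: "name mac ip" lines -> one address per line for a pf table file.
# pf.conf (assumed):  table <win98> persist file "/etc/pf.win98"
#                     block in quick on $int_if from <win98> to any
pf_table() { while read -r name mac ip; do echo "$ip"; done; }

# Constructed sample inventory (names and MACs are made up).
INVENTORY='# name   mac
lab-pc1 00:A0:C9:11:22:33
lab-pc2 00:a0:c9:11:22:34
lab-pc3 00:a0:c9:11:22
lab-pc4 00:a0:c9:11:22:33'

# Demo: print the dhcpd host blocks for the accepted entries.
printf '%s\n' "$INVENTORY" | assign | dhcpd_hosts
```

A reservation only pins clients that actually ask DHCP for an address; a PC with a manually set IP falls outside the filtered range, which is why the message pairs the reservations with switch VLANs.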
    
