RE: How do you keep users from stealing other user's ip??



Hi Mark,

The only way you can really lock it down is to statically assign
everything (either with a DHCP server that has a table of mac addresses)
and maintain an accurate list of mac addresses, and use managed switches
that have filtering capabilities.

We do this on bridged DSL networks (except for the managed switch part)
and it's actually a lot easier to manage than most people think.

What you have to do is when a new person hooks into the network,
you give them a test IP address, you ping that, get their MAC for that,
then hard code that into your DHCP server and tell them to switch
over to DHCP to get their permanent address. Once they do that, hard-
code the IP address and mac in the router ARP table, and install a
filter on the switch port going to them that ignores any traffic
that originates from a different MAC than the one that you probed
from them.

Ted

-----Original Message-----
From: owner-freebsd-questions@xxxxxxxxxxx
[mailto:owner-freebsd-questions@xxxxxxxxxxx]On Behalf Of Mark Jayson
Alvarez
Sent: Thursday, March 23, 2006 10:26 PM
To: questions@xxxxxxxxxxx
Subject: How do you keep users from stealing other user's ip??


Good day,


We are trying to reorganize our local area network and I need
some tips on how you are managing your own lan...

We have a vanilla pc router with interface facing our private
lan and interface facing the Internet.

One problem which we are experiencing right now is that any
user from private lan can use any ip address he wants. If he
boots his computer with a stolen ip address, the poor owner of
that machine (not active at the moment) will automatically give
up his ip address to this user. The same scenario for public ip
addresses. Basically, we need to track down the users through
their ip address.. But this is trivial as of now since anyone
can use any ip he wants. Even if there is a solution out there
to tie up his mac address to his ip address..(sort of checking
the mac first before giving him an ip, possibly through dhcp..)
still, users can just download applications which will enable
him to change his mac address....

Now, we're thinking about authenticating users before he is
allowed to use a particular network service(internet proxy,
mail etc.) because I guess it is a clever way of keeping the
bad users from doing something bad within your network when
after all, the reason why he is plugging his lancard to the
network is to use a particular service. However, it still
doesn't keep them from playing around and steal other ip
addresses or mac addresses and thus denying network access to
those legitimate owners. I'm thinking about tying dhcp with
authentication, and freeradius comes to mind.. I just need some
more tips from you. User's workstations are mixed Windows and
*nixes. Some have laptops with wireless interfaces.

Any idea how to handle these situations??
Thanks...



_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@xxxxxxxxxxx"
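
Added example, not part of the original thread: one way to drive the procedure in the reply from a single MAC/IP inventory, producing ISC dhcpd `host` stanzas and a file for FreeBSD's `arp -f`, then checking `arp -an` output for addresses that are not yet pinned and are answered by the wrong MAC. The host names, addresses, interface name and sample ARP output are constructed for illustration.

```python
import re

# Constructed inventory: the MAC/IP list the procedure above says to maintain.
INVENTORY = [
    ("alice-pc", "00:11:22:33:44:55", "192.168.1.10"),
    ("bob-laptop", "00:11:22:33:44:66", "192.168.1.11"),
]

# Constructed sample in the layout FreeBSD prints for `arp -an`.
SAMPLE_ARP = """\
? (192.168.1.10) at 00:11:22:33:44:55 on em1 permanent [ethernet]
? (192.168.1.11) at 00:de:ad:be:ef:01 on em1 expires in 1187 seconds [ethernet]
? (192.168.1.50) at 00:11:22:33:44:66 on em1 expires in 904 seconds [ethernet]
? (192.168.1.12) at (incomplete) on em1 expired [ethernet]
"""

ARP_LINE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-f:]{17}) ")


def dhcpd_hosts(inventory):
    """ISC dhcpd host stanzas pinning each MAC to its fixed address."""
    return "".join(
        f"host {name} {{\n  hardware ethernet {mac};\n  fixed-address {ip};\n}}\n"
        for name, mac, ip in inventory
    )


def static_arp_file(inventory):
    """Lines for `arp -f <file>` on the router: one 'ip mac' pair per line."""
    return "".join(f"{ip} {mac}\n" for _, mac, ip in inventory)


def audit(arp_output, inventory):
    """Compare observed ARP entries to the inventory; incomplete entries are skipped."""
    by_ip = {ip: mac.lower() for _, mac, ip in inventory}
    by_mac = {mac.lower(): ip for _, mac, ip in inventory}
    findings = []
    for ip, mac in ARP_LINE.findall(arp_output.lower()):
        if ip in by_ip and by_ip[ip] != mac:
            findings.append(("ip-claimed-by-other-mac", ip, mac))
        elif mac in by_mac and by_mac[mac] != ip:
            findings.append(("known-mac-on-wrong-ip", ip, mac))
        elif ip not in by_ip and mac not in by_mac:
            findings.append(("unregistered", ip, mac))
    return findings


if __name__ == "__main__":
    print(dhcpd_hosts(INVENTORY), static_arp_file(INVENTORY), audit(SAMPLE_ARP, INVENTORY), sep="\n")
```

Once an address is loaded as a permanent ARP entry the router keeps the pinned MAC, so the audit is most useful for addresses that are still dynamic.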
