Date: Fri, 02 Jul 1999 12:05:12 +0200 From: Marc van Kempen <marc@bowtie.nl> To: Josef Karthauser <joe@pavilion.net> Cc: Dag-Erling Smorgrav <des@flood.ping.uio.no>, Snob Art Genre <ben@narcissus.net>, Bill Fink <bill@billfink.com>, freebsd-security@FreeBSD.ORG Subject: Re: your mail Message-ID: <199907021005.MAA08755@bowtie.nl> In-Reply-To: joe's message of Fri, 02 Jul 1999 10:42:40 %2B0100. <19990702104239.X69050@pavilion.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Fri, Jul 02, 1999 at 11:24:04AM +0200, Dag-Erling Smorgrav wrote: > > Josef Karthauser <joe@pavilion.net> writes: > > > As an associated thing can anyone think of an easy way of ignoring traffic > > > coming from a particular MAC address on the network? I've got a user who > > > keeps changing their IP address to get arround the fact that I've restricted > > > traffic to that address. > > > > So terminate him. > > Ah, if only life were that simple ;) There are laws against that kind of > thing :o). > > He's on a local area network that I'm part of. I provide routed access to > the internet, but he's allowed access to the network to connect to other > users (this is at home, not at work - he rent's a room from me.) The problem > is that he's running Internet Explorer 5 in stupid "go on line for no reason > at all" mode and until he's either un-installed it, or fixed the problem > I've told him that I'm shutting down his internet access. That said he's > been a naughty boy and changed his IP address a couple of times to other > people's. He thinks that I don't know, but of course I've got changing > ARP addresses. What I'd like to do now is ignore his MAC address on the > server instead to get around this. (I could disconnect him from the network > but that's harder to police.) > Write a little script that inserts/deletes ipfw entries based on the output of arp -a. If you find his MAC address in the list, then add the corresponding ipnr to your firewall rules, if not, delete it again. Now run this script every minute (or so) and he should effectively loose access :-) Regards, Marc. ---------------------------------------------------- Marc van Kempen BowTie Technology Email: marc@bowtie.nl WWW & Databases tel. +31 40 2 43 20 65 fax. +31 40 2 44 21 86 http://www.bowtie.nl ---------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907021005.MAA08755>