From owner-freebsd-security Fri Jul 2 3:10:41 1999 Delivered-To: freebsd-security@freebsd.org Received: from news.IAEhv.nl (news.IAE.nl [194.151.64.4]) by hub.freebsd.org (Postfix) with ESMTP id 33A2C14D52 for ; Fri, 2 Jul 1999 03:10:31 -0700 (PDT) (envelope-from marc@bowtie.nl) Received: (from uucp@localhost) by news.IAEhv.nl (8.9.1/8.9.1) with IAEhv.nl id MAA26291; Fri, 2 Jul 1999 12:10:05 +0200 (MET DST) Received: from localhost (localhost [127.0.0.1]) by bowtie.nl (8.8.8/8.8.8) with ESMTP id MAA08755; Fri, 2 Jul 1999 12:05:12 +0200 (CEST) (envelope-from marc@bowtie.nl) Message-Id: <199907021005.MAA08755@bowtie.nl> X-Mailer: exmh version 2.0.2 2/24/98 To: Josef Karthauser Cc: Dag-Erling Smorgrav , Snob Art Genre , Bill Fink , freebsd-security@FreeBSD.ORG Subject: Re: your mail In-reply-to: joe's message of Fri, 02 Jul 1999 10:42:40 +0100. <19990702104239.X69050@pavilion.net> Date: Fri, 02 Jul 1999 12:05:12 +0200 From: Marc van Kempen Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > On Fri, Jul 02, 1999 at 11:24:04AM +0200, Dag-Erling Smorgrav wrote: > > Josef Karthauser writes: > > > As an associated thing can anyone think of an easy way of ignoring traffic > > > coming from a particular MAC address on the network? I've got a user who > > > keeps changing their IP address to get arround the fact that I've restricted > > > traffic to that address. > > > > So terminate him. > > Ah, if only life were that simple ;) There are laws against that kind of > thing :o). > > He's on a local area network that I'm part of. I provide routed access to > the internet, but he's allowed access to the network to connect to other > users (this is at home, not at work - he rent's a room from me.) The problem > is that he's running Internet Explorer 5 in stupid "go on line for no reason > at all" mode and until he's either un-installed it, or fixed the problem > I've told him that I'm shutting down his internet access. That said he's > been a naughty boy and changed his IP address a couple of times to other > people's. He thinks that I don't know, but of course I've got changing > ARP addresses. What I'd like to do now is ignore his MAC address on the > server instead to get around this. (I could disconnect him from the network > but that's harder to police.) > Write a little script that inserts/deletes ipfw entries based on the output of arp -a. If you find his MAC address in the list, then add the corresponding ipnr to your firewall rules, if not, delete it again. Now run this script every minute (or so) and he should effectively loose access :-) Regards, Marc. ---------------------------------------------------- Marc van Kempen BowTie Technology Email: marc@bowtie.nl WWW & Databases tel. +31 40 2 43 20 65 fax. +31 40 2 44 21 86 http://www.bowtie.nl ---------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message