Date: Fri, 02 Jul 1999 11:24:58 +0100 From: David Pick <D.M.Pick@qmw.ac.uk> To: Josef Karthauser <joe@pavilion.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: your mail Message-ID: <E1100V8-00004N-00@xi.css.qmw.ac.uk> In-Reply-To: Your message of "Fri, 02 Jul 1999 10:42:40 BST." <19990702104239.X69050@pavilion.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Fri, Jul 02, 1999 at 11:24:04AM +0200, Dag-Erling Smorgrav wrote:
>
> Ah, if only life were that simple ;) There are laws against that kind of
> thing :o).
>
> He's on a local area network that I'm part of. I provide routed access to
> the internet, but he's allowed access to the network to connect to other
> users (this is at home, not at work - he rent's a room from me.) The problem
> is that he's running Internet Explorer 5 in stupid "go on line for no reason
> at all" mode and until he's either un-installed it, or fixed the problem
> I've told him that I'm shutting down his internet access. That said he's
> been a naughty boy and changed his IP address a couple of times to other
> people's. He thinks that I don't know, but of course I've got changing
> ARP addresses. What I'd like to do now is ignore his MAC address on the
> server instead to get around this. (I could disconnect him from the network
> but that's harder to police.)
1) Use "arpwatch" to watch for ARP packets containing his MAC address
2) Use the "ipfw" or "ipfilter" options in your kernel
3) Catch the log entries from "arpwatch" and use them to dynamically
update the filter lists in your kernel to block whichever IP
address he's using at the time.
--
David Pick
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1100V8-00004N-00>