Date: Fri, 02 Jul 1999 11:24:58 +0100 From: David Pick <D.M.Pick@qmw.ac.uk> To: Josef Karthauser <joe@pavilion.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: your mail Message-ID: <E1100V8-00004N-00@xi.css.qmw.ac.uk> In-Reply-To: Your message of "Fri, 02 Jul 1999 10:42:40 BST." <19990702104239.X69050@pavilion.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Fri, Jul 02, 1999 at 11:24:04AM +0200, Dag-Erling Smorgrav wrote:
> =
> Ah, if only life were that simple ;) There are laws against that kind =
of
> thing :o).
> =
> He's on a local area network that I'm part of. I provide routed access=
to
> the internet, but he's allowed access to the network to connect to othe=
r
> users (this is at home, not at work - he rent's a room from me.) The p=
roblem
> is that he's running Internet Explorer 5 in stupid "go on line for no r=
eason
> at all" mode and until he's either un-installed it, or fixed the proble=
m
> I've told him that I'm shutting down his internet access. That said he=
's
> been a naughty boy and changed his IP address a couple of times to othe=
r
> people's. He thinks that I don't know, but of course I've got changing=
> ARP addresses. What I'd like to do now is ignore his MAC address on th=
e =
> server instead to get around this. (I could disconnect him from the ne=
twork
> but that's harder to police.)
1) Use "arpwatch" to watch for ARP packets containing his MAC address
2) Use the "ipfw" or "ipfilter" options in your kernel
3) Catch the log entries from "arpwatch" and use them to dynamically
update the filter lists in your kernel to block whichever IP
address he's using at the time.
-- =
David Pick
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1100V8-00004N-00>