From owner-freebsd-net@FreeBSD.ORG Fri Mar 24 06:01:41 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5D9D316A420 for ; Fri, 24 Mar 2006 06:01:41 +0000 (UTC) (envelope-from jay2xra@yahoo.com) Received: from web51615.mail.yahoo.com (web51615.mail.yahoo.com [206.190.39.127]) by mx1.FreeBSD.org (Postfix) with SMTP id 9EF2243D49 for ; Fri, 24 Mar 2006 06:01:40 +0000 (GMT) (envelope-from jay2xra@yahoo.com) Received: (qmail 86795 invoked by uid 60001); 24 Mar 2006 06:01:40 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=zvOK5UzEmFzbFsyOMT1XU43cKhV+6lTLPYJfQy+IhyxdgcRD8rbtFMU/EQQzFq8oNzOMFP2JBTSdlSLVYCUi+WK8lIdon+ThKEiunvceouBV7LuPL2OHpOMPyVWVe8O0Gy4oIXt2dHkIMeqlVE1onyoxAmFZYQ5jcxBDfZNMHO8= ; Message-ID: <20060324060140.86793.qmail@web51615.mail.yahoo.com> Received: from [202.90.158.202] by web51615.mail.yahoo.com via HTTP; Thu, 23 Mar 2006 22:01:40 PST Date: Thu, 23 Mar 2006 22:01:40 -0800 (PST) From: Mark Jayson Alvarez To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: How do you keep users from stealing other user's ip?? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Mar 2006 06:01:41 -0000 Good day, We are trying to reorganize our local area network and I need some tips on how you are managing your own lan... We have a vanilla pc router with interface facing our private lan and interface facing the Internet. One problem which we are experiencing right now is that any user from private lan can use any ip address he wants. If he boots his computer with a stolen ip address, the poor owner of that machine(not active at the moment) will give automatically up his ip address to this user. The same scenario for public ip addresses. Basically, we need to track down the users through their ip address.. But this is trivial as of now since anyone can use any ip he wants. Even if there is a solution out there to tie up his mac address to his ip address..(sort of checking the mac first before giving him an ip, possibly through dhcp..) still, users can just download applications which will enable him to change his mac address.... Now, where thinking about authenticating users before he is allowed to use a particular network service(internet proxy, mail etc.) because I guess it is a clever way of keeping the bad users from doing something bad within your network when after all, the reason why he is plugging his lancard to the network is to use a particular service. However, it still doesn't keep them from playing around and still other ip addresses or mac addresses and thus denying network access to those legitimate owners. Any idea how to handle this situations?? Thanks... --------------------------------- New Yahoo! Messenger with Voice. Call regular phones from your PC and save big.