Date: Fri, 24 Mar 2006 13:25:45 +0200 From: Atanas Yankov <xds@LanGame.Net> To: freebsd-net@freebsd.org Subject: Re: How do you keep users from stealing other user's ip?? Message-ID: <4423D739.1020607@LanGame.Net> In-Reply-To: <4423CBD5.2040208@ide.resurscentrum.se> References: <20060324060140.86793.qmail@web51615.mail.yahoo.com> <4423BE70.2010807@wm-access.no> <4423CBD5.2040208@ide.resurscentrum.se>
next in thread | previous in thread | raw e-mail | index | archive | help
Port security will help you when you want to ensure that particular mac address is enter switch on particular port but not prevent user to change ip address , statics arp is the most stupid part that most administrators does becouse router never send arp request to see are this device are there and blindly send traffic for this device encapsulated with static mac that not exist in bridging tables and this traffic is unknow unicast flooded accross the all switches bridges :)) and all devices , impact can be vary on value of sended traffic :)) , my suggestions is to use cisco multihost 802.1x implementation or play with private vlans . br, CCNP Atanas Yankov Network Administrator AngelSoft Ltd. Jon Otterholm wrote: > To prevent users from MAC-spoofing - buy a switch with some kind of > "port-security". If you could lock down a port to just one MAC and > have a static ARP on the router it would be pretty hard to spoof the > MAC-address. With another MAC than the one associated with the port > you simply will not be able to talk to anyone. > To take security one step further you could use some kind of RADIUS > authentication (MAC/user/computer/??). > > Dlink 3526/3550 have these functions. In addition you could lock down > the switch so that "user-ports" only could talk to the uplink port and > never with each other. > > > And NO - I am not a Dlink employee, just a big fan. > > /Jon > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4423D739.1020607>