[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ip theft!!

To: "Americo F. Muchanga" <americo at it.kth.se>
Subject: Re: ip theft!!
From: Bill Sangiwa <bsangiwa at twiga.com>
Date: Fri, 8 Feb 2002 14:04:50 +0300 (EAT)
Cc: Antonio Godinho <antonio at nambu.uem.mz>, <afnog at afnog.org>
Content-Transfer-Encoding: 8BIT
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Delivered-To: afnog-archive at lists.eahd.or.ug
Delivered-To: afnog-outgoing at afnog.org
Delivered-To: afnog at afnog.org
In-Reply-To: <3C63F1E0.2070000 at it.kth.se>
Sender: owner-afnog at afnog.org

a./

u're correct (u can't control what user does with his/her machine), BUT
this is another options if your wireless bridge do not support blocking
ip's, if it does (some do!) then you may as well use it, use of DHCP in
some cases users go ahead and have their own DHCP running on their LAN (no
crime done!), if they can listen to your's (DHCP), surely will be able
pass their DHCP broadcasts to other users too! i've seen several
installation of M$2000 with DHCP enabled and users have no idea at all it
is on!!

Bill

On Fri, 8 Feb 2002, Americo F. Muchanga wrote:

> You can't prevent a user from assigning an IP to his local station. The 
> operating system has no way to find out that now you are going to use a 
> valid and/or a not-valid address. You can however prevent that user from 
> accessing the network. Typically u can do this first by placing a DHCP 
> in the network that will assign IPs based on the MAC addresses and place 
> a gateway based on IPlogin for instance to only open a route for those 
> users who had been authenticated.  You should force all your users to 
> authenticate before they can get access to Internet at large.
> 
> rgds, a./
> 
> 
> 
> Antonio Godinho wrote:
> 
> >I use Breezecom wireless equipment and the client radio can be 
> >configured to let through only some IP´s and can also limit 
> >bandwidth in steps of 32K. I don´t know if other equipment lets you 
> >do that.
> >
> >Cheers,
> >
> >
> >
> >>my knowledge on wireless sez that, if you have for-isp wireless gear u
> >>should be able to restrict (or call it block) certain range of ip,
> >>that wil be allowed in/out of the device, which will do pretty much
> >>what you want. if by accident you have choosed a product which does
> >>have that feature then you have what they call corporate wireless lan
> >>devices.. not sure much can be done on switches mine (hp pro-curve)
> >>does not
> >>
> >>Bill
> >>
> >>On Thu, 7 Feb 2002 ksemat at wawa.eahd.or.ug wrote:
> >>
> >>>Can someone give me an idea on how to stop a user from simply
> >>>assigning himself another user's ip address on a LAN or a wireless
> >>>network? We had a problem with a client who simply decided to assign
> >>>himself an extra ip because he thought he needed one unfortunately
> >>>this belonged to another client!!!
> >>>
> >>>Is there a way to prevent this? arpwatch only seems to tell me which
> >>>mac address has changed etc I cannot locate clients by Mac address
> >>>obviously and yet I need to restrict this.
> >>>


-----
This is the afnog mailing list, managed by Majordomo 1.94.5

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)

This list is maintained by owner-afnog at afnog.org

Follow-Ups:
- Re: ip theft!!
  - From: "Americo F. Muchanga" <americo at it.kth.se>

References:
- Re: ip theft!!
  - From: "Americo F. Muchanga" <americo at it.kth.se>

Prev by Date: Weekly Routing Table Report
Next by Date: Re: ip theft!!
Prev by thread: Re: ip theft!!
Next by thread: Re: ip theft!!
Index(es):
- Date
- Thread