Date: Mon, 5 Apr 2004 10:59:40 +0100 From: Dan Ros <dan.ros@nildram.net> To: 'Adrian Penisoara' <ady@freebsd.ady.ro>, "'freebsd-security@freebsd.org'" <freebsd-security@freebsd.org> Cc: "'freebsd-isp@freebsd.org'" <freebsd-isp@freebsd.org> Subject: RE: Controlling access at the Ethernet level Message-ID: <F4FC7703737D3C45A616E43DBFB43C5102B7D2A2@exchange.office.nildram.net>
next in thread | raw e-mail | index | archive | help
> -----Original Message----- > From: Adrian Penisoara [mailto:ady@freebsd.ady.ro] > Sent: 04 April 2004 19:23 > To: freebsd-security@freebsd.org > Cc: freebsd-isp@freebsd.org > Subject: Q: Controlling access at the Ethernet level > > > We are facing service theft through impersonation, either > solely IP > or both IP and Ethernet MAC address. Securing IP access was solved > using a static ARP scheme (we used "staticarp" for the > internal gateway > interface and tied to it a fixed list of IP/MAC tuples), but some of > the clients learnt how to change both the IP and the MAC. ... This sounds like a university residential halls network, am I right? For what it's worth, the university I attend has tried both DHCP by mac address, static arp and so on. Eventually now they have given up and the cost of the network connection is simply included in the rent for the room. That way they do not have to worry about unauthorised access.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F4FC7703737D3C45A616E43DBFB43C5102B7D2A2>