Controlling access at the Ethernet level
Dan Ros
dan.ros at nildram.net
Mon Apr 5 02:59:49 PDT 2004
> -----Original Message-----
> From: Adrian Penisoara [mailto:ady at freebsd.ady.ro]
> Sent: 04 April 2004 19:23
> To: freebsd-security at freebsd.org
> Cc: freebsd-isp at freebsd.org
> Subject: Q: Controlling access at the Ethernet level
>
>
> We are facing service theft through impersonation, either
> solely IP
> or both IP and Ethernet MAC address. Securing IP access was solved
> using a static ARP scheme (we used "staticarp" for the
> internal gateway
> interface and tied to it a fixed list of IP/MAC tuples), but some of
> the clients learnt how to change both the IP and the MAC.
...
This sounds like a university residential halls network, am I right?
For what it's worth, the university I attend has tried both DHCP by mac
address, static arp and so on. Eventually now they have given up and the
cost of the network connection is simply included in the rent for the room.
That way they do not have to worry about unauthorised access.
More information about the freebsd-isp
mailing list