Riegert, Timothy J. wrote:
I would
assume that we have to filter gaming systems by assigning them specific
IP addresses (since there are multiple hops to the CAS’, prohibiting mac
filtering), that we then add to a subnet filter.
What is everyone doing to prevent users from manually assigning IP
addresses that are in the filter (I guess the problem still exists with
users manipulating mac-addresses in L2 mode)?
Hi, Tim.
Sorry to hear you can't do MAC filtering directly for game systems,
that's really more effective. But still the temptation is to register a
PC as a game system as a means to attempt to avoid scrutiny. Here, my
game system role is somewhat limited, in that game systems really don't
need to do things on your campus much, like visit your own web servers,
mail server, etc. All the need is Internet access and to chat with their
friends in the residence halls.
A PC that can't get your email, print to your printers, work with
Library resources, and the like is probably going to discourage them
from continuing the impersonation, don't you think. And if they're
satisfied with that restricted access, you're still better off than you
were...
--
Regards,
-- Cal Frye, Network Administrator, Oberlin College
www.calfrye.com, www.pitalabs.com
"There is something contagious about demanding freedom. --Robin Morgan.
