Good day,
We are trying to reorganize our local area network and I need some tips on
how you are managing your own lan...
We have a vanilla pc router with interface facing our private lan and
interface facing the Internet.
One problem which we are experiencing right now is that any user from private
lan can use any ip address he wants. If he boots his computer with a stolen ip
address, the poor owner of that machine(not active at the moment) will give
automatically up his ip address to this user. The same scenario for public ip
addresses. Basically, we need to track down the users through their ip
address.. But this is trivial as of now since anyone can use any ip he wants.
Even if there is a solution out there to tie up his mac address to his ip
address..(sort of checking the mac first before giving him an ip, possibly
through dhcp..) still, users can just download applications which will enable
him to change his mac address....
Now, where thinking about authenticating users before he is allowed to use a
particular network service(internet proxy, mail etc.) because I guess it is a
clever way of keeping the bad users from doing something bad within your
network when after all, the reason why he is plugging his lancard to the
network is to use a particular service. However, it still doesn't keep them
from playing around and steal other ip addresses or mac addresses and thus
denying network access to those legitimate owners. I'm thinking about tying
dhcp with authentication, and freeradius comes to mind.. I just need some more
tips from you. User's workstations are mixed Windows and *nixes. Some have
laptops with wireless interfaces.
Any idea how to handle this situations??
Thanks...
---------------------------------
New Yahoo! Messenger with Voice. Call regular phones from your PC and save big.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
