On Thu, May 5, 2011 at 08:26, Joseph L. Casale
<jcas...@activenetwerx.com> wrote:
>>Is there a simple way to block access to a windows machine? I'm setting
>>up a network in a remote, far away location and will have little
>>physical control. I want to control/stop people from sticking a wifi
>>router and connecting windows machines to the network.
>
> The OS doesn't matter, the approach depends on how secure you need it.
> If they actually stick a router in there, unless it's set up as a bridge (i.e. WAN
> not used) it will be NATing connections so only its MAC/IP will appear. So
> blocking by IP/MAC doesn't help as you can spoof either of those anyway.
>
> What you may need is something that performs authentication for each
> connected user for example...

In addition to this, and to controlling DHCP, as another poster
mentioned, there is an audit method that may take some time, but can
be automated to some degree.

It's an interesting use of TTLs I saw discussed on another list - you
have to keep track of the TTLs by the hosts on your network and notice
the anomalies. Most OSes use a starting TTL of either 64 or 128. If
you notice packets with a TTL of 63 or 127 coming from a particular IP
address through your router/firewall, you have an indicator that that
IP address is a router or NAT device itself. I would also suspect that
if you see mixed TTLs coming from a single IP address, that might also
signal something to investigate.

Kurt
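The TTL audit Kurt describes, as an added example that is not part of the original thread: it takes per-packet "source IP, TTL" observations (for instance pulled out of `tcpdump -v` output on the firewall's LAN interface; the sample lines below are constructed for the demo) and flags addresses whose TTLs sit one or more hops below a common initial value, or that mix several TTLs. The initial-TTL table and the `max_plausible_hops` threshold are assumptions for the example.

```python
"""Audit observed TTLs per source IP to spot hidden routers / NAT devices.

Added example, not code from the mailing-list thread. Input is assumed to be
already reduced to "src_ip ttl" pairs (e.g. extracted from `tcpdump -v`).
"""
from collections import defaultdict

# Common initial TTLs (assumption for this example):
# Linux/macOS/BSD = 64, Windows = 128, much network gear = 255
KNOWN_INITIAL_TTLS = (64, 128, 255)

# Constructed sample: one "src_ip ttl" line per packet seen on the LAN side.
SAMPLE_OBSERVATIONS = """\
10.0.0.10 64
10.0.0.10 64
10.0.0.11 128
10.0.0.11 128
10.0.0.20 63
10.0.0.20 127
10.0.0.20 63
10.0.0.30 127
10.0.0.30 127
"""


def parse_observations(text):
    """Yield (src_ip, ttl) tuples from 'ip ttl' lines, skipping malformed ones."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[1].isdigit():
            continue
        yield parts[0], int(parts[1])


def hops_behind(ttl):
    """Distance from the nearest known initial TTL at or above `ttl`.

    0 means the packet looks like it came straight from an end host;
    1 means one router (e.g. a NAT box) decremented it before we saw it.
    """
    for initial in KNOWN_INITIAL_TTLS:
        if ttl <= initial:
            return initial - ttl
    return 0  # TTL above every known initial value: nothing to infer


def ttls_per_host(observations):
    """Collect the set of distinct TTLs seen from each source IP."""
    seen = defaultdict(set)
    for ip, ttl in observations:
        seen[ip].add(ttl)
    return dict(seen)


def audit_ttls(text, max_plausible_hops=4):
    """Return {src_ip: [reasons]} for hosts that look like a router/NAT device.

    A TTL a few hops below a common initial value is the indicator from the
    thread; mixed TTLs from one address suggest several OSes behind it.
    """
    findings = {}
    for ip, ttls in sorted(ttls_per_host(parse_observations(text)).items()):
        reasons = []
        decremented = sorted(t for t in ttls
                             if 0 < hops_behind(t) <= max_plausible_hops)
        if decremented:
            reasons.append(
                f"TTL(s) {decremented} are below a common initial value: "
                f"{ip} is probably a router/NAT device, not an end host")
        if len(ttls) > 1:
            reasons.append(
                f"mixed TTLs {sorted(ttls)} from one address: "
                f"several hosts/OSes may sit behind it")
        if reasons:
            findings[ip] = reasons
    return findings


if __name__ == "__main__":
    for ip, reasons in audit_ttls(SAMPLE_OBSERVATIONS).items():
        print(ip)
        for r in reasons:
            print("  -", r)
```

In the sample, 10.0.0.20 trips both checks (63 and 127 from one address) and 10.0.0.30 trips the decremented-TTL check, while the two hosts emitting clean 64/128 values are left alone. Treat hits as leads for a physical check rather than proof: a legitimate VM host or VPN endpoint that routes traffic shows the same pattern, a rogue device that rewrites TTL on the way out does not, and a host running a non-standard initial TTL will look like a one-hop NAT. Keeping a per-host baseline over time, as the post suggests, reduces those false positives.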

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org