On Fri, Oct 12, 2001 at 12:51:27PM +0200, Szabó Tamás wrote: > Hi! > > The scenario is the following: > > We got a LAN which consists of several hosts running windows 2000 and > one running Debian 2.2rev3(kernel 2.2.19). This Debian has an extra > interface through which is connected to the ISP. > > The internal hosts should have access to the internet(only to a few > services) through proxies running on the Debian machine. > > This simple configuration is set up and running. > > The logging of the internet activity is done based on the IP addresses, > so our policy doesn't allow changing of IP addresses. But currently > there will be no notification of the fact if someone changes it's IP. So > I'm looking for a solution for this... > > Are there some nice utilities for this? > > I could write a script and put it in crontab to check the ARP-IP > association of hosts periodicaly. > But probably there are already some written, tested utilities out there. > Right? > > Another thought: > As I know in Linux I can use whatever MAC address I want(ifconfig allows > me to choose one). I know that this is not really a Debian question but > does somebody know if this is possible in win2000 too? > If yes then this method of checking the ARP-IP association won't be > reliable. Some network cards won't allow this, and afaik no winblows product will. A switch with static arp tables is a more drastic solution if you really need this kind of spoofed IP protection. That way each machine has its own port on the switch, which only allows the MAC address for that machine and that machine only on that port. You would probably be well advised to set up static ARP tables on the firewall as well (just be aware that if you change a network card you have to update this :) As other have suggested, arpwatch is also a good idea. > > Is there another way to check if someone changed it's IP? See above.
Attachment:
pgpnkeRHZO6DJ.pgp
Description: PGP signature