
Re: users bypassing shaper limitation



My first choice is also what the other Chris said, use a large LART on the
offending [computer|user].  You can use smart switches to base the IP on
pre-authorized MAC addresses.  That way you are effectively shaping based on
MAC address.  But in true hacker form, even that can be overcome.  Some
(most?) NICs can have their MAC addresses set by software.  So all some
crafty luser has to do is change MAC addresses.  The only surefire way is
to hard code the MAC and IP address into each port on a smart switch.  That
way even if they swap ethernet cables they won't be able to bypass the
shaper, unless of course they know what MAC address the absconded cable goes
with. :)


At 12:07 PM 6/30/01 +0100, Karl E. Jorgensen wrote:
>On Sat, Jun 30, 2001 at 06:23:19AM +0200, Maurice Verhagen wrote:
>> 
>> On Fri, 29 Jun 2001, anon wrote:
>> 
>> > My problem is that some local users are changing their own local IP numbers
>> > (like, 192.168.1.40 to 192.168.1.50) then bypassing the Traffic shaper
>> > bandwidth limitation. (that was set on 192.168.1.40)
>> > 
>> > Anyone know how I can prevent this?
>> 
>> The first thing that pops into mind is to use DHCP and give an IP lease to the
>> machines in your local network based on the NIC's MAC address. I
>> guess the only way out for the "bad guys" is to swap the NICs from another
>> machine to get the same effect as changing the IPs now.
>
>Nope. DHCP does not prevent people from changing their IP
>addresses, it merely makes it marginally more difficult. 
>Besides, the bad guys may choose not to use DHCP - this is
>entirely up to the config on the client machines.




                    ---=<ALL YOUR BASE ARE BELONG TO US>=---
            ___/`<YOU HAVE NO CHANCE TO SURVIVE MAKE YOUR TIME!>`\___

00000100
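
Added example, not part of the original message or thread: a small audit on the shaper box that compares its ARP table with a list of authorized MAC-to-IP bindings and reports hosts that moved to a different IP or are not on the list. The bindings and the ARP sample (in `/proc/net/arp` layout) are constructed, and as the message above notes, a host that clones another authorized MAC is not caught by this check.

```python
"""Audit a Linux ARP table against authorized MAC-to-IP bindings."""

# Constructed bindings (assumption): MAC address -> the only IP it may use.
AUTHORIZED = {
    "02:00:00:00:00:28": "192.168.1.40",
    "02:00:00:00:00:29": "192.168.1.41",
}

# Constructed sample in /proc/net/arp layout; on a live box read that file.
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.50     0x1         0x2         02:00:00:00:00:28     *        eth1
192.168.1.41     0x1         0x2         02:00:00:00:00:29     *        eth1
192.168.1.60     0x1         0x2         02:00:00:00:00:99     *        eth1
192.168.1.61     0x1         0x0         00:00:00:00:00:00     *        eth1
"""

def parse_arp(text):
    """Yield (ip, mac) for every complete entry, skipping the header line."""
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        if int(flags, 16) & 0x2 == 0:  # ATF_COM unset: entry never resolved
            continue
        yield ip, mac

def audit(arp_text, authorized=AUTHORIZED):
    """Return sorted (kind, ip, mac) findings for entries that break a binding."""
    findings = []
    owner_of_ip = {ip: mac for mac, ip in authorized.items()}
    for ip, mac in parse_arp(arp_text):
        if mac not in authorized:
            # Unlisted MAC: note whether it also sits on someone's reserved IP.
            kind = "ip-taken-by-other-mac" if ip in owner_of_ip else "unknown-mac"
            findings.append((kind, ip, mac))
        elif authorized[mac] != ip:
            # Listed MAC on a different IP: the shaper rule no longer matches.
            findings.append(("ip-changed", ip, mac))
    return sorted(findings)

if __name__ == "__main__":
    for kind, ip, mac in audit(SAMPLE_ARP):
        print(f"{kind:22} {ip:15} {mac}")
```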


