On Thu, 2005-07-21 at 04:04 +0100, Niklas <maxxess@xxxxxxxxx> wrote: > How do you "shut down" such hijackers? Blocking MAC at router level is > not an option since the real machine might be turned on later > (unblocking, as well as blocking, involves net admin, thoose changes > doesn't happen in real time, probably week time :)) At universities I have been to, we always needed to sign into a preliminary device with our user/pass first. Until the user is authenticated, they remain on a VLAN which has limited access, or possibly none -- redirecting everything to the auth site. Upon auth, however, the user is popped off the VLAN and onto the Uni network and given a public IP. This is also done at MIT and various other places. It is the easiest way to authenticate your users from my perspective :-) Additionally, if you are just worried about p2p traffic, check out something like a PacketShaper from Packateer. It is a layer7 filtering device with a nice web admin tool that allows you to customize any protocol's bandwidth usage (0 KB/s if you want). So, that is something else for you to check out...where do you work? -- Kristian Hermansen <khermansen@xxxxxxxxxxxxxxxxx>
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/