Security Issue

Protecting your Linux box
mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Security Issue

Postby mudasir » Tue Sep 04, 2007 12:40 am

AOA,

I want to ask that if two guyz using same MAC Address and only one should be allowed to use the internet from the Server, how can i do this.

Like one guy on my network has somehow managed to change the MAC Address of his LAN card. Now is there any way to stop him from using internet.

IP's are given by DHCP Server. Using a MAC Address base firewall posted . And using Squid Proxy Server

Looking forward for some help.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

raheelahmad
Naik
Posts: 87
Joined: Tue Mar 06, 2007 4:58 am
Location: Karachi
Contact:

Postby raheelahmad » Tue Sep 04, 2007 4:25 pm

friend you are talking about MAC Spoofing .. if this happens your switch will start flooding ... frames i guess ... in this case use MAC to HOSTNAME binding ....this can help you securing the network little bit .. and If you need high security solutions ...

Use AD to authenticate and squid for cache bind hostname to mac addresses and use two-factor authentication .. little cmplex scenario but security is not cheap as well a not simple.
-
Raheel Ahmad

mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Postby mudasir » Tue Sep 04, 2007 9:01 pm

AOA,

Thanks for the advice however i dont know how to configure AD on linux.....
If you can guide me or provide some links for configuring AD server on Linux and MAC to Hostname Binding stuff it will be great...

Looking Forward for Reply...
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

raheelahmad
Naik
Posts: 87
Joined: Tue Mar 06, 2007 4:58 am
Location: Karachi
Contact:

Postby raheelahmad » Tue Sep 04, 2007 9:41 pm

How many users you have on your network ...
-

Raheel Ahmad

mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Postby mudasir » Tue Sep 04, 2007 11:50 pm

AOA,

Deer Raheelahmed,

My network consists of approximately 100 users, i am running my custom made Firewall which does MAC Address Authenticaion.

Now i have come to know that one my users that i have blocked who should not use internet, is using it.

Now i dont know how, but this is for sure that he is using internet.

That is why i was asking a solution that can help me out in stopping him to use internet.

Can this be stopped if i bing that MAC Address with one single IP by using the dhcprestrict script posted by LAMBDA in other post.

Looking forward for reply....
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re:

Postby LinuxFreaK » Wed Sep 05, 2007 9:21 am

Dear mudasir,
Salam,

Please post your firewall rules and we will let you know.

There was script which has been developed by me can be found at below link.

FYI, http://www.linuxpakistan.net/forum2x/vi ... php?t=2182

Best Regards.
Farrukh Ahmed

raheelahmad
Naik
Posts: 87
Joined: Tue Mar 06, 2007 4:58 am
Location: Karachi
Contact:

Postby raheelahmad » Thu Sep 06, 2007 1:55 pm

agreed wid farrukh
-

Raheel Ahmad

raheelahmad
Naik
Posts: 87
Joined: Tue Mar 06, 2007 4:58 am
Location: Karachi
Contact:

Postby raheelahmad » Thu Sep 06, 2007 2:03 pm

Dear friend , while checking the script farrukh has posted in forum I come to know that your problem will still exists in your network , you have to write the script which can stop MAC Spoofing which can be done as you said by binding IP to MAC plus you have to modify the script which before adding the allowed MAC to list will search if the mac already exists against any IP if yes block it else let it in ,if spoof your server MAC what will be happen if i am on same network ? flooding .. Spoofing ..

I hope this will help you ... much ...

please let us know your response ... I can write the script for you but on weekend sorry for delay ...

regards.
-

Raheel Ahmad

mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Postby mudasir » Thu Sep 06, 2007 3:29 pm

Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Postby nomankhn » Thu Sep 06, 2007 8:29 pm


mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Postby mudasir » Thu Sep 06, 2007 10:44 pm

Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Postby nomankhn » Fri Sep 07, 2007 5:25 am


raheelahmad
Naik
Posts: 87
Joined: Tue Mar 06, 2007 4:58 am
Location: Karachi
Contact:

Postby raheelahmad » Fri Sep 07, 2007 2:18 pm

-

Raheel Ahmad

mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Postby mudasir » Fri Sep 07, 2007 4:35 pm

Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Postby nomankhn » Fri Sep 07, 2007 4:35 pm



Return to “Security”

Who is online

Users browsing this forum: No registered users and 1 guest