How to block an unauthorized user to use net
Assalmu Alaikum
Dear friend a user in my network uses internet illegally.
First I block his IP by using squid acl but he changes his ip address.
Now I apply MAC based restriction but now he changes his mac address.
Please guide me how to get rid of this problem.
Jazaku Mullah
Shahid Mahmood
0321-4538113
i am crazy to learn linux
what kind of mac-based restrictions do you have? what are your squid.conf rules?
> First I block his IP by using squid acl but he changes his ip address.
> Now I apply MAC based restriction but now he changes his mac address.
how is the user getting on your network in the first place?
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
Asslamu Alaikum
the user is part of our network; his machine IP address is 172.16.0.18
i apply the following acl to block him
acl time-office src 172.16.0.18
acl time-office1 arp 00:1C:70:40:B9:A4
http_access deny time-office
http_access deny time-office1
i also carefully put these in the right place. he also knows that users from ips 10 to 15 are allowed to use internet. he reads their mac from arp table and uses internet illegally when someone is on rest.
thanks
Jazaku Mullah.
Shahid Mahmood
0321-4538113
i am crazy to learn linux
this isn't a technical problem, it's a social problem. this really needs a policy solution. are users allowed to change their ips/mac addresses by your management? if not, install arpwatch, wait until he changes his address, and then take the evidence in your logs to management. tell them, in writing if necessary, that you have a user who isn't permitted access to the internet, and is trying to circumvent your security checks. if the users use windows, you can try setting up a group policy on the pdc to prevent users from changing their network properties.
if your network switches allow it, force his port to his real mac address. that way if he changes it, it won't let his traffic through. your technical options on the server are to set up authentication in squid, and give your users usernames/passwords (different ones for each user). or, (it's wasteful) you can set up pppoe on the server and on valid client hosts and only allow access to squid from authenticated hosts.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
when it's running, it'll log changes to mac addresses on the local network: if 00.aa.bb.cc.dd.ee used the ip 192.168.1.10 to send packets to/through your server, and then ff.dd.ee.aa.bb.cc starts using the same ip address, it'll log it somewhere in /var/log.
i haven't used it in years. try reading its documentation for the specifics.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
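An added example, not part of any post in this thread and not arpwatch's own code: a minimal Python model of the IP-to-MAC binding check that the arpwatch replies above describe. The event names follow arpwatch's report types; the allowed host's MAC and the timestamps are constructed sample data, while 172.16.0.18 and its MAC come from the thread.

```python
from collections import namedtuple

Event = namedtuple("Event", "ts kind ip old_mac new_mac")

def watch(observations):
    """Replay (ts, ip, mac) sightings and report IP-to-MAC binding changes."""
    current = {}    # ip -> MAC currently bound to it
    previous = {}   # ip -> MAC that was bound just before the current one
    events = []
    for ts, ip, mac in observations:
        mac = mac.lower()
        known = current.get(ip)
        if known is None:
            events.append(Event(ts, "new station", ip, None, mac))
        elif mac != known:
            # Going back to the MAC seen just before means two hosts are
            # alternating on one IP; anything else is a fresh change.
            kind = "flip flop" if previous.get(ip) == mac else "changed ethernet address"
            events.append(Event(ts, kind, ip, known, mac))
            previous[ip] = known
        current[ip] = mac
    return events

def macs_on_many_ips(observations):
    """Return {mac: sorted ips} for every MAC that claimed more than one IP."""
    seen = {}
    for _ts, ip, mac in observations:
        seen.setdefault(mac.lower(), set()).add(ip)
    return {m: sorted(ips) for m, ips in seen.items() if len(ips) > 1}

# Constructed sightings: only the IP is changed on the blocked machine.
SAMPLE = [
    ("09:00", "172.16.0.12", "00:16:3E:00:00:12"),  # allowed host (constructed MAC)
    ("09:01", "172.16.0.18", "00:1C:70:40:B9:A4"),  # blocked host, values from the thread
    ("13:05", "172.16.0.12", "00:1C:70:40:B9:A4"),  # blocked NIC shows up on an allowed IP
    ("14:00", "172.16.0.12", "00:16:3E:00:00:12"),  # the owner is back
]
# Constructed sightings: IP and MAC are both copied, so the pair never changes.
CLONED = [
    ("09:00", "172.16.0.12", "00:16:3E:00:00:12"),
    ("13:05", "172.16.0.12", "00:16:3E:00:00:12"),
]

if __name__ == "__main__":
    for e in watch(SAMPLE):
        print(e.ts, e.kind, e.ip, e.old_mac, "->", e.new_mac)
    print("MACs on several IPs:", macs_on_many_ips(SAMPLE))
    print("events for cloned pair:", [e.kind for e in watch(CLONED)])
```

The `CLONED` replay yields no change event at all, which is why the replies in this thread also point to locking the switch port to one MAC and to per-user authentication in squid.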
Re: How to block an unauthorized user to use net
smk08 wrote:
> Dear friend a user in my network uses internet illegally.
> First I block his IP by using squid acl but he changes his ip address.
> Now I apply MAC based restriction but now he changes his mac address.
> Please guide me how to get rid of this problem.
Dear smk08,
Salam,
There are two types of policy.
1. Allow every one and deny few
2. Deny every one and allow few.
You have to use deny every one and allow few.
For Example:
# iptables -A INPUT -s 192.168.100.101 -m mac --mac-source 00:0F:EA:91:04:07 -j ACCEPT
# iptables -A INPUT -j REJECT
Where 192.168.100.101 is client IP Address and 00:0F:EA:91:04:07 is his MAC Address.
Best Regards.
Farrukh Ahmed
PPPOE
Hi smoke,
There is no way to restrict if a user can change his mac address. For this you can configure RP-PPPoE server http://www.roaringpenguin.com/products/pppoe which will only allow internet connection to authenticated users. You can integrate it with FreeRADIUS for accounting also but you will have to spend some time to achieve that.
Guddibaaz
yes, until the user changes his mac address as well as his ip -- something the user is already doing. again, another useless post.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?