Re: Snatching IP on LAN, how to DoS/block such machines?

[Kristian Hermansen <khermansen () ht-technology com>]

On Thu, 2005-07-21 at 04:04 +0100, Niklas <maxxess () gmail com> wrote:
> How do you "shut down" such hijackers? Blocking MAC at router level is
> not an option since the real machine might be turned on later
> (unblocking, as well as blocking, involves net admin, thoose changes
> doesn't happen in real time, probably week time :))

At universities I have been to, we always needed to sign into a
preliminary device with our user/pass first.  Until the user is
authenticated, they remain on a VLAN which has limited access, or
possibly none -- redirecting everything to the auth site.  Upon auth,
however, the user is popped off the VLAN and onto the Uni network and
given a public IP.  This is also done at MIT and various other places.
It is the easiest way to authenticate your users from my perspective :-)

Additionally, if you are just worried about p2p traffic, check out
something like a PacketShaper from Packateer.  It is a layer7 filtering
device with a nice web admin tool that allows you to customize any
protocol's bandwidth usage (0 KB/s if you want).  So, that is something
else for you to check out...where do you work?
-- 
Kristian Hermansen <khermansen () ht-technology com>

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/