[K12OSN] Mobile User Plugged In

James P. Kinney III jkinney at localnetsolutions.com
Fri Aug 11 12:59:35 UTC 2006


On Fri, 2006-08-11 at 08:41 -0400, Michael Elliott wrote:
> Hello and thanks for taking the time to read my message.
> 
> I have a very small K12LTSP network consisting of only a few machines.  
> I have the DHCP assigning IP addresses according to the MAC of the 
> workstations.  I understand that anyone could disconnect the cat5 from 
> the workstation and plug in a laptop and the DHCP would assign an IP and 
> allow the laptop access.
> Well, I have had this happen.  A user who does not have access rights on 
> the LTSP brought in a personal laptop and connected up to the network 
> for internet access.
> Does anyone have any suggestions as to what I can do to prevent this from 
> occurring again?

Since you know what the allowed IPs are based on the dhcp-MAC address
process, use iptables to block any other IPs from being usable on the
dhcp serving interface. They will get an address but it won't do them
any good. They would have to clone an existing thin client MAC address.

Perhaps a better choice than just blocking that IP at the server would
be to make use of squid's redirect capabilities. Block all the other
port access for rogue IPs but port 80. Send all port 80 to a squid page
that says in large, bold, red:
WARNING! 
UNAUTHORIZED NETWORK ACCESS DENIED! 
PLEASE STEP AWAY FROM THE MACHINE AND WAIT UNTIL SECURITY ARRIVES.

It will only happen once :)
> 
> Thanks,
> 
> Mike
-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
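
The approach described in the reply above, as an added example that is not part of the original message: a shell script that reads the fixed-address entries from a dhcpd.conf and prints iptables commands that let only those addresses through, with port 80 from any other address redirected to a local squid. The interface eth0, squid port 3128, the chain names LTSP_LAN and LTSP_WEB, and the sample config are assumptions; the squid warning page itself is not configured here.

```shell
#!/bin/sh
# Added example. LAN_IF, SQUID_PORT, chain names and sample config are assumptions.
LAN_IF="${LAN_IF:-eth0}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Constructed dhcpd.conf fragment: two thin clients pinned by MAC address.
sample_conf() {
cat <<'EOF'
host ws001 {
    hardware ethernet 00:11:22:33:44:01;
    fixed-address 192.168.0.101;
}
host ws002 {
    hardware ethernet 00:11:22:33:44:02;
    fixed-address 192.168.0.102;
}
EOF
}

# Read dhcpd.conf on stdin, print each pinned IPv4 address once.
# Entries that use a hostname instead of an address are skipped.
allowed_ips() {
    sed -n 's/^[[:space:]]*fixed-address[[:space:]]\{1,\}\([0-9]\{1,3\}\(\.[0-9]\{1,3\}\)\{3\}\)[[:space:]]*;.*/\1/p' | sort -u
}

# Read dhcpd.conf on stdin, print iptables commands on stdout. Nothing is applied.
build_rules() {
    ips=$(allowed_ips)
    # Refuse to emit a ruleset that would drop every client.
    [ -n "$ips" ] || { echo "no fixed-address entries found" >&2; return 1; }
    echo "iptables -N LTSP_LAN"
    echo "iptables -t nat -N LTSP_WEB"
    for ip in $ips; do
        # Known thin clients fall through to whatever rules already exist.
        echo "iptables -A LTSP_LAN -s $ip -j RETURN"
        echo "iptables -t nat -A LTSP_WEB -s $ip -j RETURN"
    done
    # Everything else: port 80 goes to the local squid, the rest is dropped.
    echo "iptables -t nat -A LTSP_WEB -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"
    echo "iptables -A LTSP_LAN -j DROP"
    echo "iptables -t nat -I PREROUTING 1 -i $LAN_IF -j LTSP_WEB"
    echo "iptables -I FORWARD 1 -i $LAN_IF -j LTSP_LAN"
    echo "iptables -I INPUT 1 -i $LAN_IF -j LTSP_LAN"
    # Inserted last so they sit above the jump: redirected web hits and DHCP get in.
    echo "iptables -I INPUT 1 -i $LAN_IF -p tcp --dport $SQUID_PORT -j ACCEPT"
    echo "iptables -I INPUT 1 -i $LAN_IF -p udp --dport 67 -j ACCEPT"
}

if [ -n "${1:-}" ]; then build_rules < "$1"; fi
```

Run with the path to dhcpd.conf as the only argument and review the printed commands before applying them; `sample_conf | build_rules` gives a dry run on the constructed sample.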