RE: lug-bg: PROJECT: Traffic Acc Tools ?!
- Subject: RE: lug-bg: PROJECT: Traffic Acc Tools ?!
- From: bkrosnov@xxxxxxxx (Boyan Krosnov)
- Date: Fri, 23 Feb 2001 11:29:48 +0200
Hi,
tyj kato imam malko opit sys "studentski mreji" ne moga da se wyzdarja.
Ne moje da se prawi security bazirano na kakyvto i da e vid adresi(MAC
ili IP). Towa e obscurity a ne security!
Drug e wyprosa che powecheto useri ne mogat a i da mogat ne iskat da
prawqt takiwa mizerii shtoto rano ili kysno gi hwashtat.
Secure nachina da se prodawa internet prez ethernet e sys vlani (ako
imate managable switch, i ne iskate klientite da si goworqt direktno
edin s drug) ili sys nqkakyw wid VPN.
Towa za forwardwaneto na paketi ne se sluchwa w praktikata t.k.
windows9x ne moje da rutira, wsqka uvajawashta sebe si linux distribuciq
ima defaultna nastrojka ip_forwarding == 0 ( :) dali e taka trqbwa da se
proweri ), windows meNTe-tata mislq che im e sprqn forwardinga po
default, Cisco routerite po default ne rutirat prez syshtiq interface
prez kojto e poluchen paketa.
BR,
--
Boyan Krosnov (http://www.nat.bg/~bkrosnov)
Network Administrator
Lirex BG Ltd.
> -----Original Message-----
> From: Nikolay Dimitrov Yourgandjiev [mailto:koko@xxxxxxxxxxxxx]
> Sent: Friday, February 23, 2001 11:05 AM
> To: lug-bg@xxxxxxxxxxxxxxxxxx
> Subject: Re: lug-bg: PROJECT: Traffic Acc Tools ?!
>
>
> egg wrote:
>
> >
> >
> >> 2.) Kato kriterii da se polzva ne samo IP adresa na klienta
> >> a primerno,
> >> obvurzvaneto mu i s MAC adresa a nai-dobre e s klientska chast (
> >> softwareche) pod Linux, Win, Mac i t.n. Koeto da se griji
> sus server
> >>
> >> chast na Linux mashinata za otorizaciata na potrebitelia che tova e
> >> naistina toi.
> >
> > Ako clientite po LAN sa s IP adresi, poluchawani ot
> dhcpd, to samo
> > programa
> > na sarvera bi mogla da kontrolira MAC adresa chrez dhcpd.leases i
> > niama da e
> > neobhodima klientska chast, mislia az.
>
> Ami ako usera naistina si smeni MAC adresa s takaw na druga mashina
> togawa i ste poluchi drug IP, a nali celta e towa da ne stawa. Drug e
> waprosa kak ste smeni MAC adresa i kak ste poluchi MAC adresa na
> "priqtelcehto si". No ima i useri koito ne sa za podcenqwane.
>
>
>
> ==============================================================
> =============
> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> Otpiswaneto RABOTI !!! : Majordomo@xxxxxxxxxxxxxxxxxx
> UNSUBSCRIBE LUG-BG
> http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd.
> - Stara Zagora
>
===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
Otpiswaneto RABOTI !!! : Majordomo@xxxxxxxxxxxxxxxxxx UNSUBSCRIBE LUG-BG
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
|