On Tue, 29 Jun 2004, Kevin Mark wrote:

> On Tue, Jun 29, 2004 at 02:09:36PM +0545, Ritesh Raj Sarraf wrote:
> > I think I've got a little confused. For example I hit the following:
> > 
> > iptables -P FORWARD DROP
> > iptables -A FORWARD -s xx:xx:xx:xx -o eth0 -j MASQUERADE
> > xx would be the hardware address.
> > Now wouldn't he be able to change the ip and still be connected because he still 
> > has the same hardware mac address and consume more bandwidth. Note: I limit 
> > bandwidth on ip basis using rshaper.
> > If I'm not wrong, the solution I feel is to block bandwidth on MAC address. If 
> > later the customer tries changing the ethernet card, my iptable rule won't allow 
> > packets to be forwarded. Right ?
> > 
> > I think I'm right now.
> > Thanks for all helpful suggestions.
> > 
> > Ritesh
> Hi Ritesh,
> exactly which kind of security does this place have?
> you expect people to gain administrative access to change ip settings
> and people to open up pc to change network cards?
> I think you either have more problems than bandwidth or you are just
> being too paranoid.
> -Kev
> 
Being a sysadmin, I think it's my duty to think upon all the possibilities. I can't 
and have no right to delve into my customer's machine to see what activity he actually 
is doing. He has full right to do anything with his PC. Instead I can make a policy 
that, "Hey Customer, I've restricted you on the basis of your ethernet's MAC addr. If 
you change it, you'll have to suffer downtime and pay some additional onsite support 
charges".
Rgds,
Ritesh
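
An added example, not part of the original message: the policy discussed in this thread, written as a rule generator that forwards a customer's traffic only when both the source IP (which rshaper limits on) and the source MAC match a registered pair. The binding list is constructed sample data, eth0 as the upstream interface is taken from the thread, and the script prints the iptables commands for review instead of applying them.

```shell
#!/bin/sh
# Constructed sample bindings: "IP MAC" per line (documentation-range IPs, made-up MACs).
BINDINGS='192.0.2.10 00:11:22:33:44:55
192.0.2.11 00:11:22:33:44:66'

WAN_IF=eth0   # assumption: upstream interface, as in the thread

# Shape checks only, so a typo in the list never becomes a rule.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}
valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the rule set for the bindings passed as $1.
gen_rules() {
    # Default deny; replies to connections already allowed may pass.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' "$1" | while read -r ip mac; do
        [ -n "$ip" ] || continue
        if valid_ip "$ip" && valid_mac "$mac"; then
            # Both must match: a changed IP or a changed card falls to DROP.
            echo "iptables -A FORWARD -s $ip -m mac --mac-source $mac -o $WAN_IF -j ACCEPT"
        else
            echo "# skipped malformed binding: $ip $mac"
        fi
    done
    # MASQUERADE is a nat-table target and belongs in POSTROUTING.
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"
}

gen_rules "$BINDINGS"
```

The mac match only sees the source address of frames arriving on the directly attached segment, and that address can be set in software on the client, so the pairing enforces the stated policy but is not proof of which machine is connected.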

