On Tue, Jun 29, 2004 at 04:01:46PM +0545, Ritesh Raj Sarraf wrote:
> On Tue, 29 Jun 2004, Kevin Mark wrote:
>
> > On Tue, Jun 29, 2004 at 02:09:36PM +0545, Ritesh Raj Sarraf wrote:
> > > I think I've got a little confused. For example I hit the following:
> > >
> > > iptables -P FORWARD DROP
> > > iptables -A FORWARD -s xx:xx:xx:xx -o eth0 -j MASQUERADE
> > > xx would be the hardware address.
> > > Now wouldn't he be able to change the ip and still be connected because he still
> > > has the same hardware mac address and consume more bandwidth. Note: I limit
> > > bandwidth on ip basis using rshaper.
> > > If I'm not wrong, the solution I feel is to block bandwidth on MAC address. If
> > > later the customer tries changing the ethernet card, my iptable rule won't allow
> > > packets to be forwarded. Right?
> > >
> > > I think I'm right now.
> > > Thanks for all helpful suggestions.
> > >
> > > Ritesh
> > Hi Ritesh,
> > exactly which kind of security does this place have?
> > you expect people to gain administrative access to change ip settings
> > and people to open up pc to change network cards?
> > I think you either have more problems than bandwidth or you are just
> > being too paranoid.
> > -Kev
> >
> Being a sysadmin, I think it's my duty to think upon all the possibilities.
Of course.

> I can't and have no right to delve into my customer's machine to see what activity
> he actually is doing.

Remind me again what a sysadmin is and why you won't do this? who sets
policies for machine use? who manages the network? who fixes/updates the
pcs? I am not talking about reading documents or other spying, just
monitoring user, system, and network resources.

> He has full right to do anything with his PC.

the 'users' have right to change settings and take apart the machines.
This would hinder your ability to admin, and yet you think you can not
tell your users not to do this?

Instead I can make a policy that, "Hey Customer, I've restricted you on the
basis of your ethernet's MAC addr. If you change it, you'll have to suffer
downtime and pay some additional onsite support charges".

If YOU are admin'ing, anything that interferes with your ability to do
this is not welcome. And you should be the first to know about it. If a
customer decides to change his ethernet card and download 10 dvd's and
use over your quota of bandwidth and the boss is charged for this, who
will get blamed? the users alone, or the sysadmin for not monitoring it
and the users for doing it or no one?

> Rgds,

-kev
--
        (__)
        (oo)
  /------\/
 / |    ||
*  /\---/\
   ~~   ~~
...."Have you mooed today?"...
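An added example, not part of the original thread: one way to cover both cases raised above (same card on a new IP, or the assigned IP on a new card) is to match source IP and source MAC together in the filter rule, and to check the neighbour table against the assigned pairs. The customer names, addresses, MACs and function names are constructed for illustration; the sample input follows the `ip neigh show dev <iface>` output format.

```shell
#!/bin/sh
# Added example (not from the thread). All names, addresses and MACs are constructed.

# Assigned bindings, one customer per line: name, IP, MAC.
bindings() {
cat <<'EOF'
cust-a 192.168.1.10 00:11:22:33:44:01
cust-b 192.168.1.11 00:11:22:33:44:02
cust-c 192.168.1.12 00:11:22:33:44:03
EOF
}

# Constructed sample in the format printed by `ip neigh show dev <iface>`.
neigh_sample() {
cat <<'EOF'
192.168.1.10 lladdr 00:11:22:33:44:01 REACHABLE
192.168.1.50 lladdr 00:11:22:33:44:02 STALE
192.168.1.12 lladdr 00:AA:BB:CC:DD:EE REACHABLE
192.168.1.99 lladdr 00:de:ad:be:ef:00 DELAY
192.168.1.13  FAILED
EOF
}

# Print one FORWARD rule per customer that matches source IP and source MAC together.
# Rules for return traffic and NAT are outside the scope of this example.
emit_rules() {
  awk '{ printf "iptables -A FORWARD -s %s -m mac --mac-source %s -j ACCEPT\n", $2, $3 }' "$1"
}

# Compare a neighbour table on stdin with the bindings file in $1.
check_bindings() {
  awk '
    NR == FNR { m = tolower($3); ip_of[m] = $2; by_mac[m] = $1; by_ip[$2] = $1; next }
    {
      mac = ""
      for (i = 2; i < NF; i++) if ($i == "lladdr") mac = tolower($(i + 1))
      if (mac == "") next   # FAILED/INCOMPLETE entries carry no MAC
      if (mac in ip_of) {   # known card: is it on its assigned IP?
        if (ip_of[mac] != $1) print "IP_CHANGED", by_mac[mac], mac, $1
      } else if ($1 in by_ip) {   # assigned IP seen from a different card
        print "MAC_CHANGED", by_ip[$1], mac, $1
      } else print "UNKNOWN", "-", mac, $1
    }' "$1" -
}

tmp=$(mktemp) && bindings > "$tmp"
emit_rules "$tmp"
neigh_sample | check_bindings "$tmp"
rm -f "$tmp"
```

A MAC address can also be set in software, so the pair match narrows the gap discussed in the thread rather than identifying the customer with certainty.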