[ previous ] [ next ] [ threads ]
 From:  "Mitch \(WebCob\)" <mitch at webcob dot com>
 To:  scekov at freemail dot com dot mk
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Arp Static Entry
 Date:  Thu, 21 Oct 2004 11:18:00 -0700
> <scekov at freemail dot com dot mk> wrote:
> > Hi I have problem when I like to block some user to use
> internet. Users use static IP adresses. One user ip is blocked, I
> like to block MAC. He is cheating and he is always changing his
> ip (with some ip that is not blocked and is not used at the
> moment). I have add static arp entries for all users with arp -s
> <IP> <MAC> but nothing was changed. User is changing his IP again
> and again. Should I enable some option or something or maybe
> someone can tell me some hard way:) how to implement this??
> >
> If he's smart enough to change his IP around to get around
> restrictions, he'll be smart enough to change his MAC address too (and
> might be doing that already).  That's not a good solution.
> Sounds like it's time for a non-technical solution.  Depending on what
> the environment is, the potential solutions will vary.
> You'll never find a way to lock out a determined person via MAC and/or
> IP address controls.
> -Chris

What about captive portal? It relies on MAC and IP and user auth... if he
spoofs someone's ip AND mac, they will get booted off until they
re-authenticate I think...

still might be simpler just to take a "teaching stick" and go educate him