[Full-disclosure] Re: Snatching IP on LAN, how to DoS/block such machines?

[Kristian Hermansen]

On Thu, 2005-07-21 at 04:04 +0100, Niklas <maxxess at gmail.com> wrote:
> How do you "shut down" such hijackers? Blocking MAC at router level is
> not an option since the real machine might be turned on later
> (unblocking, as well as blocking, involves net admin, thoose changes
> doesn't happen in real time, probably week time :))

At universities I have been to, we always needed to sign into a
preliminary device with our user/pass first.  Until the user is
authenticated, they remain on a VLAN which has limited access, or
possibly none -- redirecting everything to the auth site.  Upon auth,
however, the user is popped off the VLAN and onto the Uni network and
given a public IP.  This is also done at MIT and various other places.
It is the easiest way to authenticate your users from my perspective :-)

Additionally, if you are just worried about p2p traffic, check out
something like a PacketShaper from Packateer.  It is a layer7 filtering
device with a nice web admin tool that allows you to customize any
protocol's bandwidth usage (0 KB/s if you want).  So, that is something
else for you to check out...where do you work?
-- 
Kristian Hermansen <khermansen at ht-technology.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050724/bd46159d/attachment.bin