Discussion:
How to prevent customers from changing IP address
Burticio
2004-05-27 19:45:44 UTC
Hi..

I have a Firewall 1 running in a NOKIA appliance.

I have defined the rulebase to grant certain IPs access to
the Internet. The problem is that some customers 'steal' an IP
address that has access, and use it. Is there some way to prevent
this? I mean, identify the machine that tries to access the
Internet and match it to the IP address.

Thanks in advance...
Nathan Gardiner
2004-06-09 09:57:00 UTC
Post by Burticio
Hi..
I have a Firewall 1 running in a NOKIA appliance.
I have defined the rulebase to grant certain IPs access to
the Internet. The problem is that some customers 'steal' an IP
address that has access, and use it. Is there some way to prevent
this? I mean, identify the machine that tries to access the
Internet and match it to the IP address.
Thanks in advance...
Not easily.

It depends on a number of factors. Is the firewall on the same LAN segment
as the machines which are stealing the address? If so, you could add a
static ARP entry for the MAC address of the machine which the IP address
belongs to, assuming that it isn't handed out by DHCP and belongs to a
single machine.

This seems unlikely, given that these other machines are able to steal the
address, however I'll run with this assumption.

My suggestions would be:
Use the arp -s command to add a static ARP entry to the table for the MAC
address of the machine which owns the address. You will need to read your
operating system's documentation to determine the syntax for this, and how
(if it is possible) to make the entry persistent.

Download the arpwatch utility. This will monitor ARP requests/responses on
the segment and record which MAC addresses respond for which IP addresses.
You should be able to determine who is stealing the IP address, and hit them
over the head with a large stick.


Nathan
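
The check that the reply above describes (recording which MAC address answers for which IP address, and comparing it with the machine that owns the address) can be sketched as follows. This is an added example, not part of the original posts and not arpwatch's own code; the inventory, the sample observations and the "epoch ip mac" line format are constructed assumptions.

```python
"""Flag authorised IP addresses that are answered by a MAC other than the owner's."""
from collections import defaultdict

# Constructed inventory: permitted IP -> MAC of the machine that owns it.
AUTHORISED = {
    "192.0.2.10": "00:a0:c9:11:22:33",
    "192.0.2.11": "00:a0:c9:44:55:66",
}

# Constructed observations, one "epoch-seconds ip mac" per line. This is an
# assumed format for the example, not arpwatch's output format.
SAMPLE = """\
1085687000 192.0.2.10 00:A0:C9:11:22:33
1085687060 192.0.2.11 00:a0:c9:44:55:66
1085687120 192.0.2.10 00-0C-29-AA-BB-CC
1085687180 192.0.2.10 00:a0:c9:11:22:33
1085687240 192.0.2.50 00:0c:29:aa:bb:cc
"""

def norm_mac(mac):
    """Normalise AA-BB-.., aa:bb:.. or aabb.ccdd.eeff to lower-case colon form."""
    digits = mac.lower().replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(lines, authorised):
    """Return (mismatches on authorised IPs, {ip: MACs} for IPs seen with >1 MAC)."""
    expected = {ip: norm_mac(m) for ip, m in authorised.items()}
    seen = defaultdict(set)
    mismatches = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        ts, ip, mac = line.split()
        mac = norm_mac(mac)
        seen[ip].add(mac)
        if ip in expected and mac != expected[ip]:
            mismatches.append((int(ts), ip, mac, expected[ip]))
    flips = {ip: sorted(m) for ip, m in seen.items() if len(m) > 1}
    return mismatches, flips

if __name__ == "__main__":
    bad, flips = audit(SAMPLE, AUTHORISED)
    for ts, ip, mac, want in bad:
        print(f"{ts} {ip} answered by {mac}, expected {want}")
    for ip, macs in flips.items():
        print(f"{ip} seen with multiple MACs: {', '.join(macs)}")
```

MAC addresses are not authenticated either, so the output shows which adapter answered for an address, not who was using it.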
Burticio
2004-06-13 23:21:48 UTC
Thanks for your comments, Nathan..

I think the best solution is the hit with the large stick ;-)

Thank you
Post by Nathan Gardiner
Post by Burticio
Hi..
I have a Firewall 1 running in a NOKIA appliance.
I have defined the rulebase to grant certain IPs access to
the Internet. The problem is that some customers 'steal' an IP
address that has access, and use it. Is there some way to prevent
this? I mean, identify the machine that tries to access the
Internet and match it to the IP address.
Thanks in advance...
Not easily.
It depends on a number of factors. Is the firewall on the same LAN segment
as the machines which are stealing the address? If so, you could add a
static ARP entry for the MAC address of the machine which the IP address
belongs to, assuming that it isn't handed out by DHCP and belongs to a
single machine.
This seems unlikely, given that these other machines are able to steal the
address, however I'll run with this assumption.
Use the arp -s command to add a static ARP entry to the table for the MAC
address of the machine which owns the address. You will need to read your
operating system's documentation to determine the syntax for this, and how
(if it is possible) to make the entry persistent.
Download the arpwatch utility. This will monitor ARP requests/responses on
the segment and record which MAC addresses respond for which IP addresses.
You should be able to determine who is stealing the IP address, and hit them
over the head with a large stick.
Nathan
Vincent Leung
2004-06-28 02:55:29 UTC
Hope I'm not too late to post this...

Authentication by IP address may not be the best strategy here.

Fw-1 does support 3 forms of authentication. Maybe one of them will suit
your needs?


---
VL
Post by Nathan Gardiner
Use the arp -s command to add a static ARP entry to the table for the MAC
address of the machine which owns the address. You will need to read your
operating system's documentation to determine the syntax for this, and how
(if it is possible) to make the entry persistent.