The UNIX and Linux Forums  
#1  01-21-2009  disturbe_d
Secure Network

OK guys, I need help. I have a very small network (let's say x.y.z.0 - x.y.z.255). Now I do not have any control over the router. But I am in control of the switch that splits the network from one single physical line (wire). I have a bridge firewall between the line and the switch that filters out the intrusion. The way I distribute the IP addresses is through a DHCP server (it's a dynamically static IP), meaning some of the machines I put as static and the other machines that I trust and control (limited access) are set through the DHCP with MAC address.

Code:
host LMNOP {
       hardware ethernet xx:xx:xx:xx:xx:xx;
       fixed-address x.y.z.20;
}

Now, as you guys know, we can set a subnet in dhcpd.conf

Code:
# ip addresses available for everybody
subnet x.y.z.0 netmask 255.255.255.0 {
       range x.y.z.200 x.y.z.220;
}

for IP addresses I have available and that I can give out to people who visit and hook up their computer to browse and do stuff, which we need. But recently someone has been trying to download some illegal stuff (p2p) via that open IP range. Now the way I limit my security outbreak is to trust my users and limit their activity. But how can I control the activity on that IP range? BTW - I do not have any VPN setup so no authentication process, I don't know how feasible it would be to set up one for such a small network! I do all my stuff via ssh.

My thoughts:

1. I can stop service for that range, meaning no range to get IP from but if by any chance the person knows the domain s/he can statically set one ?!?

Please help. This is not how I would set things up if I had full control over the network, but unfortunately this is how it is. But I also need to secure this network too. So, I am asking for help.

Thanks in advance.

#2  01-27-2009  otheus
Stopping P2P networks is actually kind of tough. There are some extensions to Linux iptables (called "iprope" I think) that, for instance, allow you to filter packets on application-level data. But other than filtering ports, it's kind of difficult. You can also do BANDWIDTH limiting on the router. You don't disallow the data flow, you just tax it. Look at "packet shaping" techniques for your firewall to see if that helps. On Linux, for instance, you can use the iptables to flag a certain port range, and then the packet shaping restricts all such flagged connections to, say, 300 bps.
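
The mark-then-shape approach from the reply above, applied to the open DHCP pool from the first post, as an added example that is not part of the original thread. Assumptions: eth0 and eth1 are the bridge ports facing the line and the switch, 192.0.2.200-192.0.2.220 stands in for x.y.z.200 - x.y.z.220, the 256 kbit/s cap is an arbitrary choice, and the br_netfilter module is loaded so bridged frames pass through iptables.

```shell
#!/bin/sh
# Added example (not from the thread): print the iptables/tc commands that
# mark traffic of the open DHCP pool and cap it with HTB. Assumed values:
# eth0/eth1 as bridge ports, 192.0.2.200-220 standing in for x.y.z.200-220.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    n=0
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
        n=$(( n * 256 + o ))
    done
    echo "$n"
}

# guest_shaping_rules WAN_IF LAN_IF FIRST_IP LAST_IP RATE_KBIT
guest_shaping_rules() {
    wan=$1 lan=$2 first=$3 last=$4 rate=$5 mark=20
    for dev in "$wan" "$lan"; do
        case "$dev" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 2 ;; esac
    done
    lo=$(ip_to_int "$first") && hi=$(ip_to_int "$last") && [ "$lo" -le "$hi" ] ||
        { echo "bad pool range" >&2; return 2; }
    case "$rate" in ''|*[!0-9]*|0*) echo "bad rate" >&2; return 2 ;; esac
    # Bridged frames reach iptables only when br_netfilter has this enabled.
    echo "sysctl -w net.bridge.bridge-nf-call-iptables=1"
    # Mark both directions of pool traffic; hosts outside the pool stay unmarked.
    echo "iptables -t mangle -A FORWARD -m iprange --src-range $first-$last -j MARK --set-mark $mark"
    echo "iptables -t mangle -A FORWARD -m iprange --dst-range $first-$last -j MARK --set-mark $mark"
    # Shape on the egress of each bridge port: uploads on WAN, downloads on LAN.
    # With no HTB default class, unmarked traffic is not rate limited.
    for dev in "$wan" "$lan"; do
        echo "tc qdisc add dev $dev root handle 1: htb"
        echo "tc class add dev $dev parent 1: classid 1:$mark htb rate ${rate}kbit ceil ${rate}kbit"
        echo "tc filter add dev $dev parent 1: protocol ip handle $mark fw flowid 1:$mark"
    done
}

# Constructed sample invocation: 256 kbit/s shared by the whole open pool.
guest_shaping_rules eth0 eth1 192.0.2.200 192.0.2.220 256
```

The script only prints the commands so they can be reviewed before being run as root on the bridge firewall. The match is by address only, so a machine configured with a static address outside the pool is not shaped, which is the concern raised in the first post.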