how to prevent customers to change IP address - Firewalls


  1. how to prevent customers to change IP address

    Hi..

    I have a Firewall 1 running in a NOKIA appliance.

    I have defined the rulebase to grant certain IP addresses access to
    the Internet. The problem is that some customers 'steal' an IP
    address that has access, and use it. Is there some way to prevent
    this? I mean, identify the machine that tries to access the
    Internet and match it to the IP address.

    Thanks in advance...

  2. Re: how to prevent customers to change IP address

    Burticio wrote:
    > Hi..
    >
    > I have a Firewall 1 running in a NOKIA appliance.
    >
    > I have defined the rulebase to grant certain IP addresses access to
    > the Internet. The problem is that some customers 'steal' an IP
    > address that has access, and use it. Is there some way to prevent
    > this? I mean, identify the machine that tries to access the
    > Internet and match it to the IP address.
    >
    > Thanks in advance...


    Not easily.

    It depends on a number of factors. Is the firewall on the same LAN segment
    as the machines which are stealing the address? If so, you could add a
    static ARP entry for the MAC address of the machine which the IP address
    belongs to, assuming that it isn't handed out by DHCP and belongs to a
    single machine.

    This seems unlikely, given that these other machines are able to steal the
    address, however I'll run with this assumption.

    My suggestions would be:
    Use the arp -s command to add a static ARP entry to the table for the MAC
    address of the machine which owns the address. You will need to read your
    operating system's documentation to determine the syntax for this, and how
    (if it is possible) to make the entry persistent.

    Download the arpwatch utility. This will monitor ARP requests/responses on
    the segment and record which MAC addresses respond for which IP addresses.
    You should be able to determine who is stealing the IP address, and hit them
    over the head with a large stick.


    Nathan
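
The monitoring idea in the reply above, as an added example (not part of the original thread and not arpwatch's own code): it parses Ethernet ARP frames and flags any sender that claims an authorized IP address from a MAC other than the registered owner's. The addresses, the `AUTHORIZED` table and the helper names are constructed for illustration.

```python
import socket
import struct

ETH_ARP = 0x0806  # EtherType for ARP

def parse_arp(frame: bytes):
    """Return (sender_mac, sender_ip) from an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP payload
        return None
    ethertype, = struct.unpack("!H", frame[12:14])
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (ethertype, htype, ptype, hlen, plen) != (ETH_ARP, 1, 0x0800, 6, 4):
        return None
    return frame[22:28].hex(":"), socket.inet_ntoa(frame[28:32])

def audit(frames, authorized):
    """List (ip, mac) pairs where an authorized IP is claimed by the wrong MAC."""
    alerts = []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue  # not ARP, or truncated
        mac, ip = parsed
        owner = authorized.get(ip)
        if owner is not None and mac != owner.lower() and (ip, mac) not in alerts:
            alerts.append((ip, mac))
    return alerts

def make_arp(oper, sha, spa, tpa):
    """Build a constructed ARP frame for the sample data below."""
    mac = bytes.fromhex(sha.replace(":", ""))
    eth = b"\xff" * 6 + mac + struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + mac + socket.inet_aton(spa)
    return eth + arp + b"\x00" * 6 + socket.inet_aton(tpa)

# Constructed sample: 192.0.2.10 is registered to MAC 02:00:00:00:00:0a only.
AUTHORIZED = {"192.0.2.10": "02:00:00:00:00:0a"}
SAMPLE = [
    make_arp(2, "02:00:00:00:00:0a", "192.0.2.10", "192.0.2.1"),  # registered owner
    make_arp(2, "02:00:00:00:00:bb", "192.0.2.10", "192.0.2.1"),  # same IP, other MAC
    make_arp(1, "02:00:00:00:00:cc", "192.0.2.77", "192.0.2.1"),  # IP not in the table
]

if __name__ == "__main__":
    for ip, mac in audit(SAMPLE, AUTHORIZED):
        print(f"ALERT: {ip} claimed by {mac}, expected {AUTHORIZED[ip]}")
```
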



  3. Re: how to prevent customers to change IP address

    Thanks for your comments, nathan..

    I think the best solution is the hit with the large stick ;-)

    Thank you


    "Nathan Gardiner" wrote in message news:<40c6de84$0$308$c3e8da3@news.astraweb.com>...
    > Burticio wrote:
    > > Hi..
    > >
    > > I have a Firewall 1 running in a NOKIA appliance.
    > >
    > > I have defined the rulebase to grant certain IP addresses access to
    > > the Internet. The problem is that some customers 'steal' an IP
    > > address that has access, and use it. Is there some way to prevent
    > > this? I mean, identify the machine that tries to access the
    > > Internet and match it to the IP address.
    > >
    > > Thanks in advance...

    >
    > Not easily.
    >
    > It depends on a number of factors. Is the firewall on the same LAN segment
    > as the machines which are stealing the address? If so, you could add a
    > static ARP entry for the MAC address of the machine which the IP address
    > belongs to, assuming that it isn't handed out by DHCP and belongs to a
    > single machine.
    >
    > This seems unlikely, given that these other machines are able to steal the
    > address, however I'll run with this assumption.
    >
    > My suggestions would be:
    > Use the arp -s command to add a static ARP entry to the table for the MAC
    > address of the machine which owns the address. You will need to read your
    > operating system's documentation to determine the syntax for this, and how
    > (if it is possible) to make the entry persistent.
    >
    > Download the arpwatch utility. This will monitor ARP requests/responses on
    > the segment and record which MAC addresses respond for which IP addresses.
    > You should be able to determine who is stealing the IP address, and hit them
    > over the head with a large stick.
    >
    >
    > Nathan


  4. Re: how to prevent customers to change IP address

    Hope I'm not too late to post this...

    Authentication by IP address may not be the best strategy here.

    Fw-1 does support 3 forms of authentication. Maybe one of them will suit
    your needs?


    ---
    VL


    On Sun, 13 Jun 2004 16:21:48 -0700, Burticio wrote:
    >> My suggestions would be:
    >> Use the arp -s command to add a static ARP entry to the table for the MAC
    >> address of the machine which owns the address. You will need to read your
    >> operating system's documentation to determine the syntax for this, and how
    >> (if it is possible) to make the entry persistent.


