Re: Access Control

From: Peter C. Norton <spacey@dont-contact.us>
Date: Wed, 16 Sep 1998 01:47:32 -0400

On Wed, Sep 16, 1998 at 07:05:05AM +0200, Steven Sporen wrote:
> Hi,
>
> Is it possible to implement access based on the MAC address
> rather than the IP address?
>
> We use IP addresses to monitor amounts of traffic to the people in
> our company, but some have wised up and change their IP address
> to reflect other users traffic.

I think you're attacking this in the wrong place. Remember - if someone
can change their IP address, they can change their MAC address as well.

You should probably switch to a system that requires authentication of
some kind to allow a user on the network (kerberos? nis+? I don't know)
and then moniter the user, not the IP or MAC address.

Hey, what would happen if you got a FDDI ring and had to modify your code
for SNAP instead?

-- 
Peter C. Norton                      Time comes into it. / Say it.  Say it.
spacey@pobox.com                   | The Universe is made of stories,  
http://spacey.dyn.ml.org           | not of atoms. 
                                   |
                                     Muriel Rukeyser "The Speed of Darknesss"
Received on Tue Sep 15 1998 - 22:48:33 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:42:02 MST