If your clients use OpenBSD's packet scrubbing, you'll have difficulty
discerning if there are NAT'ed machines behind their gateway.
On Tue, 28 Dec 2004 09:29:49 -0800, David Gillett <gillettdavid@fhda.edu> wrote:
A router will use its own MAC address as the source. A bridge,
by definition, will not. (A proxy will use both its own MAC and
IP addresses, as will a router/firewall performing NAT.)
A bridge, therefore, is not an issue. But a router or proxy
can look like a single client device.
Since this is a very hard problem to solve, ask yourself whether
you need to solve it! If you bill customers by metered usage, it
doesn't matter how many devices they use. If you're trying to
avoid supporting routers, tell your tech support staff not to
support them.
About the only situation that really justifies concern about
this is that customers might share/resell your service to people
who might, otherwise, become customers themselves. Is there a
reason to assume this is a major problem?
If so, I think you'll do better with metering, speed caps, or
capping the number of simultaneous connections per IP address,
than trying to detect devices.
David Gillett
-----Original Message-----
From: G.P.M [mailto:ice4ice@excite.com]
Sent: Saturday, December 25, 2004 8:30 AM
To: security-basics@securityfocus.com
Subject: bridge detection
hi,
I was wondering are there any programs which can detect
switches/routers, based as well on linux.
The problem is that one company is setting up large LAN,
with internet access, based on static ip/mac address, for
paying reasons. Many clients seperate their connection, often
giving mac of the bridge not the PC.
i had many ideas about that, eg. checking the vendor for
the mac, signal replays from the source.
i worry also about 'clear' switches, non programmable ones.
Could please someone give me some advise?
sorry for my bad english.
_______________________________________________
Join Excite! - http://www.excite.com
The most personalized portal on the Web!
