Wireshark-users: Re: [Wireshark-users] need help

From: Martin Visser <martinvisser99@xxxxxxxxx>
Date: Sat, 4 Sep 2010 17:35:41 +1000
The other thing you can do is to lock MAC addresses to your switch ports, that connect to the dorm rooms. This way a MAC hardware address will associated with a room. Of course this can be administratively more troublesome (if users legitimately change rooms or have multiple devices attached or change devices). 

Cisco uses "switchport port-security" commands for this, HP ProCurve "port-security" at a port level to implement this.



Regards, Martin

MartinVisser99@xxxxxxxxx


On Fri, Sep 3, 2010 at 10:33 PM, Márton Natkó <marton.natko@xxxxxxxxx> wrote:
Hi

Thanks

Marton

2010/9/3 Jaap Keuter <jaap.keuter@xxxxxxxxx>

Hi,

That's what 802.1X certificates can do for you.

Simplified model:

1) setup radius server (Freeradius)
2) setup a CA (XCA)
3) issue client certificates for the hardware addresses
4) let the legit user install the certs
5) setup your NAS for use of Radius

Thanks,
Jaap

 

On Fri, 3 Sep 2010 12:16:46 +0200, Márton Natkó <marton.natko@xxxxxxxxx> wrote:

Hi!

I am the administrator of my dormitory and i need some help. We have a dhcp server with hardware-address authentication. Some of our users have a stupid hobby. They steal other users hardware-address using whireshark. Can you give any help how can i disable this activity on my network?
Thanks for any aid.
Marton Natko

 


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe