On Sat, Jun 30, 2001 at 12:07:28PM +0100, Karl E. Jorgensen wrote:
> On Sat, Jun 30, 2001 at 06:23:19AM +0200, Maurice Verhagen wrote:
> > This first that pops into mind is use DHCP and give a IP-lease to the
> > machines in your local network based on the NIC's Mac address. I
> > guess the only way out for the "bad guys" is to swap the NICs from another
> > machine to get the same effect as changing the IPs now.
> Nope. DHCP does not prevent people from changing their IP
> addresses, it merely makes it marginally more difficult. 
> Besides, the bad guys may choose not to use DHCP - this is
> entirely up to the config on the client machines.

but if you make dynamic firewall rules based on the leases file,
blocking all outside traffic, it would be efficient enough.


                          -< Sami Haahtinen >-
      -[ Is it still a bug, if we have learned to live with it? ]-
        -< 2209 3C53 D0FB 041C F7B1  F908 A9B6 F730 B83D 761C >-

Reply via email to