RE: bridge detection

From: David Gillett (gillettdavid_at_fhda.edu)
Date: 12/28/04

  • Next message: JGrimshaw_at_ASAP.com: "Re: Lots of incoming traffic on UDP 1026 and UDP 1027?"
    To: <ice4ice@excite.com>, <security-basics@securityfocus.com>
    Date: Tue, 28 Dec 2004 09:29:49 -0800
    
    

      A router will use its own MAC address as the source. A bridge,
    by definition, will not. (A proxy will use both its own MAC and
    IP addresses, as will a router/firewall performing NAT.)
      A bridge, therefore, is not an issue. But a router or proxy
    can look like a single client device.

      Since this is a very hard problem to solve, ask yourself whether
    you need to solve it! If you bill customers by metered usage, it
    doesn't matter how many devices they use. If you're trying to
    avoid supporting routers, tell your tech support staff not to
    support them.

      About the only situation that really justifies concern about
    this is that customers might share/resell your service to people
    who might, otherwise, become customers themselves. Is there a
    reason to assume this is a major problem?
      If so, I think you'll do better with metering, speed caps, or
    capping the number of simultaneous connections per IP address,
    than trying to detect devices.

    David Gillett

    > -----Original Message-----
    > From: G.P.M [mailto:ice4ice@excite.com]
    > Sent: Saturday, December 25, 2004 8:30 AM
    > To: security-basics@securityfocus.com
    > Subject: bridge detection
    >
    >
    >
    > Hi,
    > I was wondering whether there are any programs which can detect
    > switches/routers, based as well on Linux.
    > The problem is that one company is setting up a large LAN,
    > with internet access, based on static IP/MAC address, for
    > paying reasons. Many clients separate their connection, often
    > giving the MAC of the bridge, not the PC.
    > I had many ideas about that, e.g. checking the vendor for
    > the MAC, signal replays from the source.
    > I worry also about 'clear' switches, non-programmable ones.
    >
    > Could someone please give me some advice?
    >
    > Sorry for my bad English.
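The reply above recommends capping simultaneous connections per IP address instead of trying to detect devices. The following is an added example, not part of the original message, that counts active flows per subscriber address from connection-tracking output; the `conntrack -L` style input, the subscriber range and the cap value are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

SUBSCRIBERS = ipaddress.ip_network("10.0.0.0/24")  # assumed customer range
MAX_FLOWS = 3  # assumed cap, set low so the constructed sample trips it

# Constructed sample in the style of `conntrack -L` output (not real traffic).
SAMPLE = """\
tcp 6 431990 ESTABLISHED src=10.0.0.5 dst=198.51.100.7 sport=40001 dport=443 src=198.51.100.7 dst=10.0.0.5 sport=443 dport=40001 [ASSURED] mark=0 use=1
tcp 6 431991 ESTABLISHED src=10.0.0.5 dst=198.51.100.8 sport=40002 dport=80 src=198.51.100.8 dst=10.0.0.5 sport=80 dport=40002 [ASSURED] mark=0 use=1
tcp 6 431992 ESTABLISHED src=10.0.0.5 dst=198.51.100.9 sport=40003 dport=443 src=198.51.100.9 dst=10.0.0.5 sport=443 dport=40003 [ASSURED] mark=0 use=1
tcp 6 431993 ESTABLISHED src=10.0.0.5 dst=198.51.100.9 sport=40004 dport=25 src=198.51.100.9 dst=10.0.0.5 sport=25 dport=40004 [ASSURED] mark=0 use=1
tcp 6 110 TIME_WAIT src=10.0.0.5 dst=198.51.100.7 sport=40000 dport=443 src=198.51.100.7 dst=10.0.0.5 sport=443 dport=40000 [ASSURED] mark=0 use=1
udp 17 25 src=10.0.0.5 dst=198.51.100.53 sport=33000 dport=53 src=198.51.100.53 dst=10.0.0.5 sport=53 dport=33000 mark=0 use=1
tcp 6 431000 ESTABLISHED src=10.0.0.9 dst=198.51.100.7 sport=41000 dport=443 src=198.51.100.7 dst=10.0.0.9 sport=443 dport=41000 [ASSURED] mark=0 use=1
tcp 6 431000 ESTABLISHED src=203.0.113.4 dst=10.0.0.9 sport=50000 dport=22 src=10.0.0.9 dst=203.0.113.4 sport=22 dport=50000 [ASSURED] mark=0 use=1
"""

# Only the first src= (original direction) is matched; the reply tuple is ignored.
FLOW = re.compile(
    r"^(?P<proto>tcp|udp)\s+\d+\s+\d+\s+(?:(?P<state>[A-Z_]+)\s+)?"
    r"src=(?P<src>\S+)\s+dst=\S+\s+sport=\d+\s+dport=\d+"
)

def active_flows(lines):
    """Count flows initiated by each subscriber address."""
    counts = Counter()
    for line in lines:
        m = FLOW.match(line.strip())
        if not m:
            continue
        # TCP entries in TIME_WAIT, CLOSE etc. are no longer simultaneous connections.
        if m["proto"] == "tcp" and m["state"] != "ESTABLISHED":
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue
        if src in SUBSCRIBERS:  # skip flows opened from outside the customer range
            counts[str(src)] += 1
    return counts

def over_cap(lines, cap=MAX_FLOWS):
    """Return the subscriber addresses whose active flow count exceeds the cap."""
    return {ip: n for ip, n in active_flows(lines).items() if n > cap}

if __name__ == "__main__":
    print(over_cap(SAMPLE.splitlines()))
```

The count bounds usage per billed address whether one PC or a router with several PCs sits behind it, so it does not depend on identifying the device.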

