Home page logo
/

basics logo Security Basics mailing list archives

RE: bridge detection
From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 28 Dec 2004 09:29:49 -0800

  A router will use its own MAC address as the source.  A bridge,
by definition, will not.  (A proxy will use both its own MAC and
IP addresses, as will a router/firewall performing NAT.)
  A bridge, therefore, is not an issue.  But a router or proxy 
can look like a single client device.

  Since this is a very hard problem to solve, ask yourself whether
you need to solve it!  If you bill customers by metered usage, it
doesn't matter how many devices they use.  If you're trying to
avoid supporting routers, tell your tech support staff not to
support them.

  About the only situation that really justifies concern about
this is that customers might share/resell your service to people
who might, otherwise, become customers themselves.  Is there a
reason to assume this is a major problem?
  If so, I think you'll do better with metering, speed caps, or
capping the number of simultaneous connections per IP address,
than trying to detect devices.

David Gillett


-----Original Message-----
From: G.P.M [mailto:ice4ice () excite com]
Sent: Saturday, December 25, 2004 8:30 AM
To: security-basics () securityfocus com
Subject: bridge detection



hi,
   I was wondering are there any programs which can detect 
switches/routers, based as well on linux.
   The problem is that one company is setting up large LAN, 
with internet access, based on static ip/mac address, for 
paying reasons. Many clients seperate their connection, often 
giving mac of the bridge not the PC.
   i had many ideas about that, eg. checking the vendor for 
the mac, signal replays from the source.
i worry also about 'clear' switches, non programmable ones.

  Could please someone give me some advise?

sorry for my bad english.

_______________________________________________
Join Excite! - http://www.excite.com
The most personalized portal on the Web!



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]