Firewall Wizards: Static ARP firewall advice

Static ARP firewall advice

From: Greg Dickinson <gdickinson_at_indiansprings.org>
Date: Mon, 05 Apr 2004 22:35:32 -0500

I've done some fairly extensive research on this subject, and can't get
a definitive answer. I solicit your advice.

I manage the firewall for a local boarding school as a side job. The
campused students are allowed to bring their own PCs to connect to the
campus network for internet access in their rooms. The firewall has 4
interfaces, one for the administrative LAN, one for the internet, one
for the dorm LAN, and one for the proxy server so it's in its own
"sandbox".

We have statically assigned IP addresses for the students' PCs, so
that we can run a proxy log analysis and determine which students are
accessing which sites at what times. These statically assigned
addresses are in specific allow statements in the ruleset (pf on OBSD
3.2). Recently the (rather bright) students here have figured out that
they can simply "steal" someone else's address and avoid detection.

I am currently in the process of reloading the proxy server to get it
off RH9, but in the interim I was wondering if there is an
easy/recommended way to accomplish this: I had the idea of adding static
ARP entries in the firewall so that only the specified Layer 3 addresses
that match the specified Layer 2 addresses can get through the firewall.
However (as you can imagine) this is a nightmare to maintain, as well
as difficult for the local administrator to add static ARP entries (he
has to add the addresses to /etc/rc.local and reboot the firewall
every time [yes, I know a reboot is not required...but it's simpler...
:-> ])

To summarize: is there an easy way to maintain static ARP entries using
pf on OBSD 3.2? While the current firewall is OBSD, I am not married
to this configuration - if there is an open source firewall product that
will allow me to accomplish this more easily, then I will recommend that to
the admin.

Thanks in advance for your time.

--Greg

_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Apr 09 2004
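One way to make the static ARP entries Greg describes maintainable, added here as an example that is not from the post or from OpenBSD: keep the dorm's IP-to-MAC map in one plain file, validate every line, and turn the valid ones into `arp -s` commands, so the admin edits the file and re-runs the script instead of editing /etc/rc.local and rebooting. The map path, the sample entries and the `arp -s <ip> <mac>` form (BSD arp(8), permanent unless marked temp) are assumptions.

```shell
#!/bin/sh
# Constructed example: IP-to-MAC map file for the dorm LAN. The path is an
# assumption; the real firewall can point ARP_MAP anywhere it likes.
ARP_MAP="${ARP_MAP:-/etc/dorm-arp.map}"

# Return 0 if $1 is a dotted-quad IPv4 address and $2 a colon-separated
# MAC address; anything else is rejected so a typo never reaches arp(8).
valid_entry() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    printf '%s\n' "$2" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
}

# Read "ip mac" lines from stdin (blank lines and # comments are ignored) and
# print one "arp -s <ip> <mac>" command per valid line. Malformed lines are
# reported on stderr and skipped, so one bad entry does not block the rest.
gen_arp_cmds() {
    while read -r ip mac rest; do
        case "$ip" in ''|'#'*) continue ;; esac
        if valid_entry "$ip" "$mac"; then
            printf 'arp -s %s %s\n' "$ip" "$mac"
        else
            printf 'skipping malformed entry: %s %s\n' "$ip" "$mac" >&2
        fi
    done
}

# Apply the map on the firewall: generate the commands and run them with the
# system's arp(8). Re-running after an edit simply re-sets each entry.
apply_arp_map() {
    gen_arp_cmds < "$ARP_MAP" | sh
}

# Constructed sample map for the demo (documentation addresses, not real data).
SAMPLE_MAP='# ip            mac
192.0.2.10      00:11:22:33:44:55
192.0.2.11      00:11:22:33:44:66
192.0.2.12      not-a-mac'

if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_MAP" | gen_arp_cmds
fi
```

Because the map uses the same two-column layout that OpenBSD's `arp -f filename` reads, the validated file can also be loaded directly with `arp -f`; the script mainly adds the format check before anything touches the ARP table.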
