Yes you are right. Even given the fact that this is a controlled environment, I want to do as many checks as possible before I accept the user as being anonymous. They also log into a M$ PDC (Samba). MAC check in iptables is not feasible because it means hundreds of lines for each and every package. I think it'd be best to check multiple things. MAC, SMB pwd, ident check.

Markus Gaugusch wrote:
On Mon, 18 Feb 2002, Oyku Gencay wrote:
Actually I want to prevent two things. Since the installation is done at a college the users are not considered trustworthy.
Unfortunately you can't even trust MAC addresses - most network adapters allow the user to change the MAC address. Such techniques are not used very often, I think, but it shows you that you are never secure in this way. Anyway, iptables allows you to filter services per MAC address and some other nice things, but any unauthenticated user should be treated as anonymous, no matter which IP/MAC he may be using.
Markus