[Dshield] Internal LAN protection

Mark Rowlands mark.rowlands at minmail.net
Fri Nov 23 16:38:00 GMT 2001


On Friday 23 November 2001 1:43 pm, Kajfas The High Priest wrote:
> want to develop a switch that can
> be used by multiple ADSL subscribers to share a single connection. The key
> point is that the PCs must not be able to monitor each other's data or
> perform attacks on each other. I have no control of the software running on
> the PCs, but they will probably use a software firewall like ZoneAlarm.
>
> The switch must therefore as a minimum filter ARP and DHCP
> messages, so this information is only sent to the relevant server/PC. An
> ARP proxy in the switch answers on behalf of other PCs on the LAN, so no PC
> will know the MAC addresses of other PCs.
>
> What else do I need in
> order to protect the PCs from each other? For instance, what about attacks
> performed using NetBEUI? And are there similar attack options?

FreeBSD, a D-Link DFE-570TX four-port adapter and ipfilter will allow you
pretty good control. Fnord systems even do ready-made rackmount machines.

-- 
Q:	What did Tarzan say when he saw the elephants coming over the hill?
A:	"The elephants are coming over the hill."

Q:	What did he say when he saw them coming over the hill wearing
		sunglasses?
A:	Nothing, for he didn't recognize them.
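
The isolation policy asked about in this thread (ARP answered by a proxy, DHCP sent only toward the server, no subscriber-to-subscriber frames), modelled as a per-frame decision function. This is an added example, not code from either poster; the port numbering, the gateway MAC, the `Frame` fields, answering ARP with the gateway's MAC and dropping NetBEUI outright are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

UPLINK_PORT = 0                      # assumed: port 0 faces the ADSL router / DHCP server
GATEWAY_MAC = "02:00:00:00:00:01"    # constructed sample MAC of the uplink gateway
BROADCAST = "ff:ff:ff:ff:ff:ff"
ETH_IPV4, ETH_ARP = 0x0800, 0x0806

@dataclass
class Frame:                         # hypothetical, minimal view of a received frame
    in_port: int
    dst: str
    ethertype: int                   # values below 0x0600 are 802.3 length fields
    arp_op: Optional[int] = None     # 1 = request, 2 = reply
    udp_dport: Optional[int] = None

def decide(f: Frame) -> Tuple[str, Optional[int]]:
    """Return (action, out_port) for a frame received on a subscriber port."""
    if f.in_port == UPLINK_PORT:
        raise ValueError("model covers subscriber-ingress frames only")
    if f.ethertype < 0x0600:
        # 802.3/LLC framing, which is how NetBEUI travels: never bridged.
        return ("drop", None)
    if f.ethertype == ETH_ARP:
        if f.arp_op == 1:
            # Proxy answers with GATEWAY_MAC on the ingress port; the request
            # is never flooded, so no subscriber learns another's MAC.
            return ("proxy_reply", f.in_port)
        if f.dst == GATEWAY_MAC:
            return ("forward", UPLINK_PORT)   # reply to the gateway's own query
        return ("drop", None)
    if f.ethertype == ETH_IPV4:
        if f.udp_dport == 68:
            # DHCP server-to-client message coming from a subscriber port.
            return ("drop", None)
        if f.dst == BROADCAST and f.udp_dport == 67:
            return ("forward", UPLINK_PORT)   # DHCP request goes to the server only
        if f.dst == GATEWAY_MAC:
            return ("forward", UPLINK_PORT)
    # Default deny: other broadcasts, other ethertypes, and any unicast
    # addressed to another subscriber's MAC.
    return ("drop", None)

if __name__ == "__main__":
    for fr in (Frame(1, BROADCAST, ETH_ARP, arp_op=1),        # constructed samples
               Frame(2, BROADCAST, ETH_IPV4, udp_dport=67),
               Frame(1, "02:00:00:00:00:22", ETH_IPV4)):
        print(fr, "->", decide(fr))
```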



