[Dshield] Internal LAN protection
mark.rowlands at minmail.net
Fri Nov 23 16:38:00 GMT 2001
On Friday 23 November 2001 1:43 pm, Kajfas The High Priest wrote:
> want to develop a switch that can
> be used by multiple ADSL subscribers to share a single connection. The key
> point is that the PCs must not be able to monitor each other's data or
> perform attacks on each other. I have no control of the software running on
> the PCs, but they will probably use a software firewall like ZoneAlarm.
>
> The switch must therefore as a minimum filter ARP and DHCP
> messages, so this information is only sent to the relevant server/PC. An
> ARP proxy in the switch answers on behalf of other PCs on the LAN, so no PC
> will know the MAC addresses of other PCs.
>
> What else do I need in
> order to protect the PCs from each other? For instance, what about attacks
> performed using NetBEUI? And are there similar attack options?

FreeBSD, D-Link DFE-570TX four-port adapter and ipfilter will allow you
pretty good control. Fnord systems even do readymade rackmount machines
Q: What did Tarzan say when he saw the elephants coming over the hill?
A: "The elephants are coming over the hill."
Q: What did he say when he saw them coming over the hill wearing
A: Nothing, for he didn't recognize them.