[LARTC] ARP daemon
Jose Luis Domingo Lopez
lartc@24x7linux.com
Mon, 9 Aug 2004 16:45:23 +0200
On Monday, 09 August 2004, at 14:51:55 +0200,
Damjan wrote:
> What I want to accomplish is deny the possibility of users changing
> their IP address, once its set.
>
Then make it impossible for users to become "root" or equivalent in
their boxes, to prevent them from changing their interfaces MAC
addresses. This way users won't be able to do so, and even in the event
they try to boot with some sort of "live Linux CD" and change the MAC,
this change won't persist after reboot.
If you prefer/need to control this changes from your Linux box, then you
can play with iptables and its "mac" match (to bind together IP/MAC
pairs) or install "arpwatch". The latter won't prevent users from
(maybe) succeeding in their attemps to gain access to places where they
shouldn't be allowed to go, but you will be inmediately notified if
someone is not playing nice in your network.
Hope it helps.
--
Jose Luis Domingo Lopez
Linux Registered User #189436 Debian Linux Sid (Linux 2.6.8-rc2-mm2)