IP Spoofing from inside own network.

Baruah

Dec 6, 2001, 4:41:46 AM
Hi,
can anyone give me a proper solution to the problem described below?

Some users are doing IP spoofing inside my own network to gain access
to the world wide web through my proxy (Squid on RedHat 7.0) server, as
I have blocked some of the IPs.
E.g. if I have blocked 202.141.83.x, that user is using
202.141.83.y (which is open) to gain access to the web.
I'm unable to prevent this currently. Plz. help.
Thanx in advance.

Jeremy Bishop

Dec 6, 2001, 5:16:14 AM
Baruah spake thus:

Unplug their network cable. Use a hatchet for added effect.

Later, in your squid.conf file:

http_access allow localhost
http_access deny all


--
Windows NT: n. 32-bit extensions and a graphical shell for a 16-bit
patch to an 8-bit operating system originally coded for a 4-bit
microprocessor, written by a 2-bit company that can't stand for 1
bit of competition.

Draschl Clemens

Dec 6, 2001, 6:06:51 AM
Use arpwatch to match IP addresses to MAC addresses. It will be more
secure, but the effort and the work to arrange this will also be
higher. You have to add all MACs statically.

greets
clemens

Barry Margolin

Dec 6, 2001, 10:53:22 AM
In article <506277bd.0112...@posting.google.com>,

I think there are some switches that have a security feature that locks a
particular IP and/or MAC to a port, or sends an alert to the sysadmin if
the IP or MAC on a port changes.

--
Barry Margolin, bar...@genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

Ben Webb

Dec 6, 2001, 2:29:40 PM
On 6 Dec 2001 01:41:46 -0800, Baruah <b_ba...@hotmail.com> wrote:
> hi,
> can anyone give me proper solution to the problem described below.
>
> Some users are doing IP Spoofing inside my own network to gain access
> to the world wide web through my proxy(Squid on RedHat7.0) server, as
> I have blocked some of the IPs.
> e.g. if I have blocked 202.141.83.x, that user is using
> 202.141.83.y(which is open),to gain the access to the web.

Block the whole IP range by default, and only allow through IPs that
you trust.

Another possible solution:

1. Update to RedHat 7.1 or 7.2, with the 2.4 kernel. Apply all security
updates.
2. Set up an iptables firewall, and use its --mac-source option to only
allow packets from MAC addresses that you specify (can be combined with
--source to tie MAC addresses to IPs)

Ben
--
b...@bellatrix.pcl.ox.ac.uk http://bellatrix.pcl.ox.ac.uk/~ben/
"I only just turned around for a poodle and a corvette"
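
Added example, not part of Ben Webb's post: a shell sketch of the `--mac-source` plus `--source` pairing he describes, generating one ACCEPT rule per trusted IP/MAC pair and a default DROP for the proxy port. The port (3128, Squid's default), the INPUT chain, and the IP/MAC pairs are assumptions; the addresses are constructed sample values.

```shell
#!/bin/sh
# Added illustration: build iptables rules that tie each allowed client IP
# to its MAC address on the Squid box (2.4 kernel, iptables "mac" match).
# Assumptions: Squid listens on TCP 3128; rules go in the INPUT chain.
# The IP/MAC pairs below are constructed sample values.

PROXY_PORT=3128

# Constructed allowlist: one "IP MAC" pair per line.
ALLOWLIST='192.0.2.10 00:11:22:33:44:55
192.0.2.11 00:11:22:33:44:66
192.0.2.12 not-a-mac'

# valid_pair IP MAC -> exit 0 if both look well-formed
valid_pair() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    printf '%s\n' "$2" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
}

# gen_rules: read "IP MAC" lines on stdin, print iptables commands.
# Malformed lines are skipped and reported on stderr, so a typo never
# turns into an overly broad ACCEPT rule.
gen_rules() {
    while read -r ip mac rest; do
        [ -z "$ip" ] && continue
        if [ -n "$rest" ] || ! valid_pair "$ip" "$mac"; then
            echo "skipping malformed entry: $ip $mac $rest" >&2
            continue
        fi
        echo "iptables -A INPUT -p tcp --dport $PROXY_PORT -s $ip -m mac --mac-source $mac -j ACCEPT"
    done
    # Default: anything else reaching the proxy port is dropped.
    echo "iptables -A INPUT -p tcp --dport $PROXY_PORT -j DROP"
}

# Print the rules for review; pipe to "sh" as root to apply them.
printf '%s\n' "$ALLOWLIST" | gen_rules
```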

Baruah

Dec 7, 2001, 5:29:46 AM
I think that will solve the problem; I'll let you know afterwards.
Thanx to you all, especially to Ben.

b...@bellatrix.pcl.ox.ac.uk (Ben Webb) wrote in message news:<slrna0vhp...@bellatrix.pcl.ox.ac.uk>...

Ian Stirling

Dec 9, 2001, 6:58:11 PM
Draschl Clemens <c.dr...@conova.com> wrote:
>
> use arpwatch to match ip-addresses to mac addresses. it will be more
> secure, but the effort and the work to arrange this, also will be
> higher. you have to add all mac's statically

It's relatively trivial to fake MAC addresses too, so this isn't a
certain tool.

However, as there isn't a box to type in the MAC in windows, it's a help.

--
http://inquisitor.i.am/ | mailto:inqui...@i.am | Ian Stirling.
---------------------------+-------------------------+--------------------------
Windows 2000, software for next millenia. <latin pun alert> - Ian Stirling.

_jussi

Dec 9, 2001, 11:26:17 PM

"Ian Stirling" <ro...@mauve.demon.co.uk> wrote in message
news:1007942291.20025....@news.demon.co.uk...

> Draschl Clemens <c.dr...@conova.com> wrote:
> >
> However, as there isn't a box to type in the MAC in windows, it's a help.
- Only against not-so-experienced users.
Changing the MAC address in NT/W2K is easy.

_jussi

