My mailer thinks Sean Fuller said:
>
> On Oct 30, 2:04am, <gaus @
znanost .
hr> wrote:
> > > On 29 Oct 1996, Ryan Russell/SYBASE wrote:
> > > > Time for office pranks! I'll just go over to Joe's PC
> > > > and hit www.playboy.com when he's not there...
> > > This is an issue with logging accesses. Sooner or later, someone *will*
> > > try another person's machine (trust me on this one). Alerting the
> > > end-user like this is a good thing, for sure. If Joe doesn't lock up his
> > > PC when he's not there, he's going to be in violation of my security
> > > policy, and I'll want to talk with him as well as the person who did the
> > > original deed. Anyway, disconnecting Joe's PC at the wiring closet is
> > > much more effective as a prank, especially if Joe can't get in to fix it ;)
> > Joe can lock his PC but he can't stop me from changing IP address of my
> > PC (to Joe's address, of course). I know that this requires a little
> > technical knowledge but that way I can prank Joe without leaving my
> > desk.
> Nope. He can't because I do all detection and filtering by MAC Address.
> At least Joe will have to make the effort to go to the other person's PC.
> I do this by running a sniffer I wrote on the firewall that dynamically
> maintains an IP <---> MAC Address table that is used by the security
> proxy.
>
It's a good thing there aren't any routers on your site isn't it?
They would make your MAC address filtering rather useless, unless you
want to block that router (and everyone beyond it :-).
Colin
References:
|
|
