RE: NetReg: iptables instead of DNS

New Message	Reply	Date view	Thread view	Subject view	Author view	Attachment view

From: King, Michael (MKing@bridgew.edu)
Date: Fri Apr 30 2004 - 11:55:51 CDT

Next message: Robert Lowe: "Re: NetReg: iptables instead of DNS"
Previous message: King, Michael: "RE: NetReg: iptables instead of DNS"
Maybe in reply to: Ole Craig: "NetReg: iptables instead of DNS"
Next in thread: Robert Lowe: "Re: NetReg: iptables instead of DNS"

A better explanation of the NoCatAuth product, (cause the developers
page is a Mishmash)

http://www.oreillynet.com/pub/a/wireless/2001/11/09/nocatauth.html

> -----Original Message-----
> From: owner-netreg@southwestern.edu
> [mailto:owner-netreg@southwestern.edu] On Behalf Of Ole Craig
> Sent: Friday, April 30, 2004 12:19 PM
> To: netreg@southwestern.edu
> Subject: NetReg: iptables instead of DNS
>
>
> (or maybe in addition to DNS.)
>
> We're deploying netreg with LDAP-based authorization to
> automate what has previously been a manual registration
> process. One of the "threats" which we were tasked to try and
> protect against was that of a somewhat-knowledgeable person
> bypassing the netreg DNS view with manual DNS server
> settings. (This is a computer science department, after all. :-)
>
> The solution I came up with is a perl script that
> manipulates an iptables chain in the nat table, such that
> unregistered MACs can't get packets off the private LAN --
> all packets coming from an unregistered MAC get redirected to
> the gateway netreg box. This seems to work quite well, and
> was not difficult to integrate into netreg. Anyone have any
> interest in such a thing?
>
> Ole
> --
> Ole Craig * UNIX, linux, SMTP-ninja; news, web; SGI martyr *
> CS Computing Facility, UMass *
<www.cs.umass.edu/~olc/pgppubkey.txt> for public key

Where are the missing deficit-reduction program-related activities?
**********************************************************************
To unsubscribe from this list, send an e-mail message to
majordomo@southwestern.edu containing a single line with the words:
unsubscribe netreg Send requests for assistance to:
owner-netreg@southwestern.edu
**********************************************************************
**********************************************************************
To unsubscribe from this list, send an e-mail message to
majordomo@southwestern.edu containing a single line with the words:
unsubscribe netreg
Send requests for assistance to: owner-netreg@southwestern.edu
**********************************************************************

Next message: Robert Lowe: "Re: NetReg: iptables instead of DNS"
Previous message: King, Michael: "RE: NetReg: iptables instead of DNS"
Maybe in reply to: Ole Craig: "NetReg: iptables instead of DNS"
Next in thread: Robert Lowe: "Re: NetReg: iptables instead of DNS"

New Message	Reply	Date view	Thread view	Subject view	Author view	Attachment view

This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:45 CDT