Steven,
I would also suggest that you implement username + password
authentication system. Squid already supports that feature, it just needs
to be activated by compiling squid with -DUSE_PROXY_AUTH.
We have it activated here with about 40,000 users.
Seeya,
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
David Richards
Network Programmer
Internetworking Software Services, Computing Services
Queensland University of Technology
Level 12, 126 Margaret Street
Brisbane QLD 4001, Australia
E-mail: dj.richards@qut.edu.au
Ph: +61 7 3864 4347 Fax: +61 7 3864 5272
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
On Wed, 16 Sep 1998, Peter C. Norton wrote:
> On Wed, Sep 16, 1998 at 07:05:05AM +0200, Steven Sporen wrote:
> > Hi,
> >
> > Is it possible to implement access based on the MAC address
> > rather than the IP address?
> >
> > We use IP addresses to monitor amounts of traffic to the people in
> > our company, but some have wised up and change their IP address
> > to reflect other users traffic.
>
> I think you're attacking this in the wrong place. Remember - if someone
> can change their IP address, they can change their MAC address as well.
>
> You should probably switch to a system that requires authentication of
> some kind to allow a user on the network (kerberos? nis+? I don't know)
> and then moniter the user, not the IP or MAC address.
>
> Hey, what would happen if you got a FDDI ring and had to modify your code
> for SNAP instead?
>
> --
> Peter C. Norton Time comes into it. / Say it. Say it.
> spacey@pobox.com | The Universe is made of stories,
> http://spacey.dyn.ml.org | not of atoms.
> |
> Muriel Rukeyser "The Speed of Darknesss"
>
Received on Tue Sep 15 1998 - 23:06:19 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:42:02 MST