Posted by Danny Sanders on November 1, 2007, 11:11 am
> This will only cause a minimal slowdown if the unauthorized computer is
> malicious rather than an accident -- All it takes is a cheapo hub/switch
> to get connected. I had one at one point that was USB powered.
<Snip>
> This is well beyond what is likely happening here, chances are that this
> situation is just someone brought a home laptop in and plugged in.
Like you said, given what is "probably" happening, it's probably a user
connecting a laptop. Most users are going to give up if the jack does not
work. A policy of not letting users connect personal computers to the
network and jacks that lead to nowhere is free and (as you state) it's
probably not malicious and not worth losing their job over.
hth
DDS
>
>>You could also disconnect any unused jacks at the patch panel so when they
>>plug the computer into an unused jack, they can't get anywhere.
>
> This will only cause a minimal slowdown if the unauthorized computer is
> malicious rather than an accident -- All it takes is a cheapo hub/switch
> to get connected. I had one at one point that was USB powered.
>
> You can go a step further and lock down a one to one ratio between ports
> and MAC addresses, and automatically kill the port if an unauthorized
> MAC address shows up (many data centers do this, SOHO gear cannot)
>
> This raises the bar substantially, although it is entirely possible for
> a stateful NAT box to sit between a legitimate machine and the network,
> fake the correct MAC addresses on both sides, and still insert its own
> traffic into the WAN side of the NAT box (the LAN), effectively
> "sharing" the IP of the client PC.
>
> This is well beyond what is likely happening here, chances are that this
> situation is just someone brought a home laptop in and plugged in.
>
> --
> You can get more with a kind word and a 2x4 than just a kind word.
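
Added example, not part of either poster's message: an audit of a switch MAC address table against a one-MAC-per-port inventory, the check that the port lockdown discussed in the thread enforces. The port names, MAC addresses and four-column table layout are constructed for illustration.

```python
import re
from collections import defaultdict

# Hypothetical inventory: the single MAC expected on each patched-in port.
ALLOWED = {
    "Gi0/1": "00:11:22:33:44:55",
    "Gi0/2": "00:11:22:33:44:66",
    "Gi0/3": "00:11:22:33:44:77",
}

# Constructed sample table: VLAN, MAC, entry type, port.
SAMPLE_TABLE = """\
10  0011.2233.4455  DYNAMIC  Gi0/1
10  0011.2233.4466  DYNAMIC  Gi0/2
10  a0b1.c2d3.e4f5  DYNAMIC  Gi0/2
10  dead.beef.0001  DYNAMIC  Gi0/3
10  0011.2233.4488  DYNAMIC  Gi0/7
"""

def normalize_mac(mac):
    """Accept dotted, colon or hyphen notation; return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_table(text):
    """Map each port to the set of MACs learned on it."""
    seen = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4:
            seen[fields[3]].add(normalize_mac(fields[1]))
    return seen

def audit(seen, allowed):
    """Return (port, reason, macs) for every port that breaks the 1:1 rule."""
    findings = []
    for port in sorted(seen):
        if port not in allowed:
            # A jack that should be dead at the patch panel is carrying traffic.
            findings.append((port, "unused-port-active", sorted(seen[port])))
            continue
        expected = normalize_mac(allowed[port])
        extra = sorted(seen[port] - {expected})
        if extra:
            # Expected MAC plus others suggests a hub/switch behind the jack.
            reason = "extra-mac" if expected in seen[port] else "wrong-mac"
            findings.append((port, reason, extra))
    # A device presenting the permitted MAC (the NAT box case above) is not flagged.
    return findings
```
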