IP Technical question
Dave Howe
ukcrypto at chiark.greenend.org.uk
Sun, 25 Jan 2009 13:41:09 +0000

Peter Tomlinson wrote:
> Yet my local router's DHCP Server allocates local IP addresses
> (actually I see it's in the range 192.168.0.100 to 192.168.0.199) to
> the devices (including a networked printer) but doesn't tell me
> anything about port numbers. Indeed these software ports are always a
> mystery, lurking behind the scenes. For each system I can see the
> system name, the MAC Address of the LAN interface hardware, and the
> local IP Addr...

Which would make a backtrace (even if you HAD the port numbers, which
you usually don't for such requests) a nightmare. Hence, most large
enterprise sites enforce usage of a proxy that requires authentication.
Most of those seem to go for Bordermangler or internet (in)security
decelerator, while ignoring the perfectly functional and free squid....

Either way, they get a bunch of logs that, given a timestamp, can
usually pull out fewer than a dozen dodgy URLs for later inspection (and
in most cases, dodgy URLs are already flagged for later checking if they
don't match a whitelist provided by some third party netnanny software
db provider).

I usually change the IP range of home routers on installation - leads
to fewer conflicts when doing site-to-site VPNs and makes the kiddiez
attempting to spoof 192.168.0.x addresses more obvious.
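
Added illustration, not part of the original post: a sketch of the timestamp lookup described above, run over constructed lines in Squid's default native access.log layout, where the user field is filled in when proxy authentication is enforced. The hostnames, users, allowlist and the function names `parse_line` and `requests_near` are invented for this example.

```python
from urllib.parse import urlsplit

# Constructed sample in Squid's default native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1232890860.123    210 192.168.0.101 TCP_MISS/200 5120 GET http://intranet.example/home alice DIRECT/10.0.0.5 text/html
1232890868.500    340 192.168.0.101 TCP_MISS/200 20480 GET http://files.example/tool.exe bob DIRECT/203.0.113.7 application/octet-stream
1232890869.910     95 192.168.0.150 TCP_DENIED/407 1800 GET http://news.example/ - NONE/- text/html
1232890870.300   1500 192.168.0.101 TCP_MISS/200 4300 CONNECT secure.example:443 bob DIRECT/203.0.113.8 -
1232890871.020    120 192.168.0.150 TCP_MISS/200 900 GET http://news.example/ carol DIRECT/198.51.100.9 text/html
1232894400.000     80 192.168.0.101 TCP_HIT/200 700 GET http://intranet.example/logo.png alice NONE/- image/png
"""


def parse_line(line):
    """Split one native-format line into a record, or None if malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        ts = float(f[0])
    except ValueError:
        return None
    result, _, status = f[3].partition("/")
    method, url = f[5], f[6]
    # CONNECT logs "host:port" with no scheme, so urlsplit() would misparse it.
    host = url.rsplit(":", 1)[0] if method == "CONNECT" else urlsplit(url).hostname
    return {"ts": ts, "client": f[2], "result": result, "status": status,
            "method": method, "url": url, "host": host or "", "user": f[7]}


def requests_near(log_text, when, window=5.0, allowlist=frozenset()):
    """Records within `window` seconds of epoch time `when`, minus allowlisted hosts."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or abs(rec["ts"] - when) > window:
            continue
        if rec["host"] in allowlist:
            continue
        hits.append(rec)
    return hits


if __name__ == "__main__":
    for r in requests_near(SAMPLE_LOG, 1232890869, allowlist={"news.example"}):
        print(r["ts"], r["client"], r["user"], r["method"], r["url"])
```

In the sample, alice and bob both appear behind 192.168.0.101, so only the authenticated user field separates their requests; the `TCP_DENIED/407` line is the unauthenticated first attempt and carries `-` as its user.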