Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Steal Internet
  •  
mcom

Messages: 30
Karma: 0
Send a private message to this user
Rolling Eyes
Kerio has this bug
Client "A" (ip 192.168.2.5 mac xxxxxx) -> authentificates using webinterface and works in internet.
Another user "B" is fishing that user "A" is authentificated and work in internet.
User disconects PC from the lan Change his ip address to the ip address of User "A" aslo the mac address of user "A" and host name restarts the PC and conects conector to the LAN card.

The user "A" in this moment is disconected from the LAN -> the user "B" is not necesary to authentificates and continues to work in internet.

The single way to solve this trouble is to make a client agent program which will help the user to authentificate - also will control the every second(o 2-3 times per second) the authentifcation. Also this agent will help users to now the consumed trafic and more information instantly.

sorry for my english
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
You could use Kerio VPN for this. Only allow VPN connections from the LAN to KWF and block all the rest. VPN users have to authenticate in the client, as you like.
  •  
Almok

Messages: 18
Karma: 0
Send a private message to this user
mcom wrote on Sun, 27 November 2005 01:57

Rolling Eyes
Kerio has this bug
Client "A" (ip 192.168.2.5 mac xxxxxx) -> authentificates using webinterface and works in internet.
Another user "B" is fishing that user "A" is authentificated and work in internet.
User disconects PC from the lan Change his ip address to the ip address of User "A" aslo the mac address of user "A" and host name restarts the PC and conects conector to the LAN card.

The user "A" in this moment is disconected from the LAN -> the user "B" is not necesary to authentificates and continues to work in internet.

The single way to solve this trouble is to make a client agent program which will help the user to authentificate - also will control the every second(o 2-3 times per second) the authentifcation. Also this agent will help users to now the consumed trafic and more information instantly.

sorry for my english


Excuse me, your user "B" has an administrators privileges? No more questions. User with an administrators privileges is not a "simple" user - so the question has just a private decision...
  •  
chipicao

Messages: 1
Karma: 0
Send a private message to this user
ok ...but how can i block the others to conect the internet...where should i change a setting to make this happen...i think i am experiencing the same problem whit the starter of this topi...please help me..


and.. soory my english is not so god!!
  •  
mcom

Messages: 30
Karma: 0
Send a private message to this user
user "B" is uknown User. This user don't have priveleges.
Server is administred from 3rd LAN card.

Problem consist that after autentifiocation Kerio works with phisical IP. But user B disconects user A by entering in the LAN with a computer logicaly cloned from User A .

I think the single way is that Server to mantain a persistent conection with the client PC. So in a client PC will be a program.

KerioVPN works ok. But - this one is destinated for this.
It also creates a virtual LAN. And also i need to create a route
network 0.0.0.0 mask 0.0.0.0 in kerio VPN server.

But a client program will show the consumed trafic also can be used to mantain persistent conection. Also automatic logout.
In standard situation if a user doesn't logout and shutsdown the PC exist the risc that another client can conect just modifing the IP address - no need in authentification.
Previous Topic: Url Rules info
Next Topic: what is the max throughput of Kerio Winroute Firewall ?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Nov 17 20:26:04 CET 2017

Total time taken to generate the page: 0.00435 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.