Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[jtelep]

I have a unique problem that I don't totally understand so I am hoping I can post it here and someone will be able to explain it to me.  I recently purchased a DIR-615 and got the whole thing set up correctly for my network including setting up access control in an attempt to ensure my teenager goes to bed when I tell him to (without sneaking and staying up later doing whatever he does on the Net).  So I created an access control rule with a corresponding schedule that shuts him down when I tell him to go to bed.  That worked great until he figured out he could change network cards and get back on so after collecting all of the MAC addresses he could possibly use and adding them to the rule I figured I was all set.  Leave it to kids (as they all love to talk to each other about ways to defeat the parents) he found a way around it so when I asked him to show me what he did (as he didn't really understand himself and just did what his friends told him).  From what he showed me he bridged together his active network connection to an unused IEEE 1394 connection/adapter (whatever the heck that is) and voila he's on when the rule is active (and supposedly blocking it).  I am guessing that the bridge is somehow creating some sort of virtual MAC address that the router doesn't see and therefore can't block it.  I don't really understand how it works (so I would love it if someone could describe to me what exactly it is he did) but more importantly how to stop it.  Currently I changed the rules from ALLOW all to DENY all unless their MAC address is listed in the network filter but I am curious as to how to it might be done otherwise.

Thanks to anyone who can answer any of this.

[Lkr]

Although I don't agree with the scheduling, I will help you as best as I can:
When he bridged the connection, he was connecting through a new MAC address.  Now that you have it to deny all mac addresses besides the ones listed, he should be beat.  To view the MAC address he used, re-bridge the connection and go to start>run.  type in CMD and hit enter.  type in ipconfig /all and hit enter.  The Bridge IP and MAC address should pop up.

[funchords]

Although I don't agree with the scheduling, I will help you as best as I can:
When he bridged the connection, he was connecting through a new MAC address.  Now that you have it to deny all mac addresses besides the ones listed, he should be beat.

Then he'll clone the MAC address of some other approved device, or he'll hop on the neighbor's wireless devices, or defeat it a number of other ways. 

MAC-based security is bad security because MAC addresses are not secure keys.  They're like combination locks where the unlocking combination is imprinted right on the lock itself. 

I've tried it all.  Here's what I've concluded.

1.  Kids don't get Internet privacy.  No computers in bedrooms.  Kids computers need to be in a place where adults can supervise.

2.  Kids don't get Admin privileges.  They can't change networking, security settings, hide their tracks, or install infected software if they have a Limited-User account.  You also need to password protect the BIOS and disable CDs and USB keys from loading an OS instead of the hard disk.

3.  Kids that need but don't follow parental rules regarding use of the Internet don't get Internet access. 

No matter what, your older teen still will disagree with some of your preferences.  So if your teen really is old enough (a choice that is totally yours to make), then consider removing the rules and let him learn the natural consequences of staying up too late.  If he handles that well, then maybe a computer in his room makes sense.

Robb Topolski
father of two adult daughters who grew in the age of the Internet (all three of us survived) 

[Lkr]

Seeing as my kids know more about the computer than I do, they are my network admin.  Of course, they're computers have no problems, while my main one that I used to use(just used to hook up to routers now) is slow as molasses! 

[networkcrawler]

Access Control in DIR series, for me it sucks.

To ensure your teens go to bed when you tell them. Put the modem and router in your room. If you want them to sleep unplug the modem and router. But if they're using wireless then just remove the antenna of the router. Its easy right? lol