The number of users who are attending the IETF with infected machines or
wireless cards running in AD-HOC mode has increased. It has increased to
the point where there is a negative impact on the rest of the IETF
attendees.
The solution we have come up with is the Penalty Box.
If a malicious machine is detected (either accidental or intentional) on the
network, we will assign them an address in the 172.16/12 networks;
172.16.128.0/24 for offenders from the IETF58 Wireless in the hotel,
172.16.48.0/24 for offenders from the Outside Wireless.
This will be next-hopped by the Juniper to a captive network.
All HTTP sessions will be redirected to a webpage that will let them know that
they have been placed into the Penalty Box.
Right now we have the DHCP server assigning the proper address, and our
routers are dealing with them appropriately. We are still working on the
apache config to redirect (rewrite?) all of their requests to our explanatory
URL. (NoCatAuth does not play well in our MacOS X environment.)
Any suggestions for the apache configuration for capture/rewriting would be
appreciated.
If you do see anybody with the 172.16.48.* or 172.16.128.* address, please
help them to fix their machine, or send them to the terminal room. Either
ask the helpdesk person, or just shout out for help, plenty of helpful people
here!
Thanks!
--58 NetOps Crew