The number of users who are attending the IETF with infected machines or wireless cards running in AD-HOC mode has increased. It has increased to the point where there is a negative impact on the rest of the IETF attendees. The solution we have come up with is the Penalty Box. If a malicious machine is detected (either accidental or intentional) on the network, we will assign them an address in the 172.16/12 networks; 172.16.128.0/24 for offenders from the IETF58 Wireless in the hotel, 172.16.48.0/24 for offenders from the Outside Wireless. This will be next-hopped by the Juniper to a captive network. All HTTP sessions will be redirected to a webpage that will let them know that they have been placed into the Penalty Box. Right now we have the DHCP server assigning the proper address, and our routers are dealing with them appropriately. We are still working on the apache config to redirect (rewrite?) all of their requests to our explanatory URL. (NoCatAuth does not play well in our MacOS X environment.) Any suggestions for the apache configuration for capture/rewriting would be appreciated. If you do see anybody with the 172.16.48.* or 172.16.128.* address, please help them to fix their machine, or send them to the terminal room. Either ask the helpdesk person, or just shout out for help, plenty of helpful people here! Thanks! --58 NetOps Crew