> > a firewall can only filter traffic that passes through it. if your
> > clients are all sitting on a LAN together, there is no way for an
> > upstream firewall to keep them from communicating with each other.
>
> Not quite true, sort of, but we're into Firewall / IPS (Intrusion
> Prevention System) territory here. "Snort" *might* be able to deny
> traffic on the network, failing that you're probably looking at
> commercial software.

good point. something along the lines of setting up a snort box (with
flexresp) on a SPAN port and watching for TCP 139/445 traffic and
resetting the connections?

i played around with this a while back, and i noticed that the snort box
generally loses the race in the race condition, but it does effectively
keep the hosts from communicating. not pretty, but effective enough.

need more coffee...

-j
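An added illustration of the flexresp setup described in the reply above, not posted by anyone in the thread: a Snort 2.x rule fragment for a sensor on a SPAN port that resets client-to-client SMB sessions while leaving the file server reachable. The network ranges, the server address and the sid are made-up placeholders, and the build must have flexresp/active response compiled in for the resp keyword to do anything.

```snort
# Constructed addresses: adjust to the LAN being watched.
ipvar LAN_CLIENTS 192.168.1.0/24
ipvar FILESERVER  192.168.1.10

# Reset SMB/NetBIOS sessions between LAN clients.  Matching on the
# initial SYN (flags:S) gives the sensor its best shot at winning the
# race the reply mentions: a SPAN-port box only sees a copy of the
# packet, so anything already on the wire still reaches the peer.
# rst_all sends a RST to both ends so neither side keeps the half-open
# connection around.  Traffic to the legitimate file server is excluded
# by the !$FILESERVER destination, so normal shares keep working.
alert tcp $LAN_CLIENTS any -> !$FILESERVER [139,445] \
    (msg:"Client-to-client SMB on LAN, resetting"; \
     flags:S; resp:rst_all; classtype:policy-violation; \
     sid:1000001; rev:1;)
```

The alert side of the rule is as useful as the reset: the log of which pairs of clients tried to talk on 139/445 tells you whether the LAN has a worm, a misconfigured workstation or simply an undocumented share.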