IP address conflicts

Bart Silverstrim bsilver at chrononomicon.com
Sat Oct 2 12:36:44 PDT 2004


On Oct 2, 2004, at 2:27 PM, Ted Mittelstaedt wrote:
> The problem is that if the attacker has a modicum of intelligence they
> will have done this to someone else's system.

Yet you say this is taking place in colleges... :-)

> This is a college.  For example, someone in a dorm room just surfing
> the web gets up to take a piss.  As soon as they walk out the door and
> go down the hall, some joker down the hall runs into their room and in
> a few seconds changes the IP number of their PC to that of the
> mailserver then runs out.
> Bullshit like this happens all the time.

Funny how just yesterday there was some slash story about users not 
being careful with security.  On my systems this wouldn't be effective.  
Screen saver is hot cornered and password protected.  In the school 
office, control-alt-del->k.  When I was in college, there was this 
thing where your "friends" would steal your mattress...mattress police.  
They would hide it somewhere on campus.  Never happened to my roommate 
and me, because we carried our keys with us and locked the bedroom when 
we weren't there (or in the living room connected to the hallway); no 
reason to leave the door open if we weren't there, and our "community 
belongings" were already outside of that room for the other roommates 
and friends to use.

We try to have a policy where I work where if your account is used to 
do something against the rules, like browse porn, you must have given 
that person your account password or you left your account logged in 
and walked away.  There's no way to prove who the body was sitting at 
that console, so it is assumed to be you.  You get in trouble for it.  
You allowed it, you were irresponsible, and you're going to get hassled 
for it until you learn to take responsibility for your belongings 
(including your identity) within reason.  It is not unreasonable to 
expect people to not give their passwords out and to log off of a 
console when they're done using it.

Your reactions are your policies and your rules; if they work for you, 
that's all and good.  If students continue to play stupid and allow 
things like this to happen to their computers, then so be it.  Or you 
can nail them a couple times and have them wise up for it.  "Honest! I 
didn't put kiddie porn on that computer...my...my roommate did it!  Or 
a computer virus did it!"  "OH!!! Nevermind then..."

> The only solution is to use managed switches with a modicum of
> intelligence to where you can build a MAC filter that disallows packets
> that originate from the end users that have the same MAC as the
> mailserver, (to block spoofers) and that allows you to dump the
> internal MAC table.

This is a good infrastructure change to the network and it would also 
solve the problem.  I thought he was having money troubles and needed a 
quick solution to try solving the problem, while this solution would be 
done in the future once funds are released and time can be allocated to 
switch things over.  It sounded like his network was somewhat in 
shambles at the moment.

> That way when someone pulls their fun you're going to see their MAC in
> your routers, and you can then look at the switches and see exactly
> what port is being used.

Any way to have it send a 50,000 volt spike through that port?

-Bart
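
The tracing step quoted above (see the unexpected MAC in the router, then look it up in the switch's MAC table to find the port), as an added example that is not part of the original message or the list's own code. All addresses, MACs and port names are constructed, and the switch table layout is an assumption since vendors differ.

```python
import re

# All sample data below is constructed for illustration.
MAILSERVER_IP = "192.0.2.25"
MAILSERVER_MAC = "00:0d:56:aa:bb:01"   # the MAC the real server should answer with

# Router ARP cache, in the style of FreeBSD `arp -an` output.
ARP_OUTPUT = """\
? (192.0.2.1) at 00:0d:56:aa:bb:fe on em0 [ethernet]
? (192.0.2.25) at 00:50:ba:12:34:56 on em0 [ethernet]
? (192.0.2.80) at (incomplete) on em0 [ethernet]
"""

# Switch MAC table dump; the column layout is an assumption, vendors differ.
SWITCH_TABLE = """\
Vlan    Mac Address       Type        Ports
   1    000d.56aa.bb01    DYNAMIC     Fa0/1
   1    0050.ba12.3456    DYNAMIC     Fa0/17
"""

def normalize_mac(text):
    """Return 12 lowercase hex digits, or None if text is not a MAC."""
    digits = re.sub(r"[.:-]", "", text).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def parse_arp(text):
    """Map IP -> MAC, skipping unresolved (incomplete) entries."""
    table = {}
    for ip, mac in re.findall(r"\((\d+(?:\.\d+){3})\) at (\S+)", text):
        if normalize_mac(mac):
            table[ip] = normalize_mac(mac)
    return table

def parse_mac_table(text):
    """Map MAC -> port: the MAC is any field that parses, the port is the last field."""
    ports = {}
    for line in text.splitlines():
        fields = line.split()
        for field in fields:
            if normalize_mac(field):
                ports[normalize_mac(field)] = fields[-1]
    return ports

def locate_conflict(arp_text, table_text, ip, expected_mac):
    """Return None if ip resolves to expected_mac (or is absent), else (mac, port)."""
    seen = parse_arp(arp_text).get(ip)
    if seen is None or seen == normalize_mac(expected_mac):
        return None
    return seen, parse_mac_table(table_text).get(seen)

if __name__ == "__main__":
    print(locate_conflict(ARP_OUTPUT, SWITCH_TABLE, MAILSERVER_IP, MAILSERVER_MAC))
```

A port of `None` in the result means the claiming MAC is not in that switch's table, so the lookup has to be repeated on the next switch.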



More information about the freebsd-questions mailing list