IP address conflicts

Ted Mittelstaedt tedm at toybox.placo.com
Sun Sep 26 21:16:51 PDT 2004



> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Tim Aslat
> Sent: Sunday, September 26, 2004 4:22 PM
> To: freebsd-questions at FreeBSD.ORG
> Subject: IP address conflicts
>
>
> Hi All,
>
> I have an annoying situation in a school I do casual work in their IT
> department.  There are a number of individuals within the system who
> think it's funny to allocate an IP address on a workstation identical to
> the network's proxy/web/mail servers.

I assume that these individuals are NOT the owners of the systems that
they are changing the IP numbers on.

> What I'd like to know is, would
> there be any way of preventing this short of spending quite a lot of
> money on managed switches and the like?
>

Yes.  See below.

In any case, first thing is I think you need to have a chat with the Dean.
You're not going to solve this problem until you do 2 things:

1) Make it clear that anyone caught doing this will be immediately expelled.

2) Catch and expel a few of them.

What they are doing is basically identical to making the web/proxy/mail
servers crash and the penalties should be as severe.

> I'm unable to restrict access to settings on the machines, as they are
> notebooks owned by the students/staff and could be legitimately plugged
> in anywhere in the network.
>

Once again, I must assume that these notebooks legitimately owned by
students and staff are NOT owned by the people that are changing the IP
numbers.

If you have a situation where you KNOW who is doing it, and they are
getting away with this, with the full knowledge of the Dean and others in
the college, then you may as well just start looking for another job.  If
I was in your shoes I would.

Now also, keep in mind that expensive managed switches ARE the way to
handle this.  However, you need not break the bank.  There are MANY
excellent quality managed switches on the used market.  For example the
3com Desktop 3300 is a fine specimen.  It was manufactured back in the
days of 3com's lifetime warranty so even if you find one for sale for $20
that has a blown power supply, buy it!

Also, if you are a bona fide school, contact some of the switch vendors,
they may make a deal with you under the table.

Now, if you are going to say FUCK THIS and totally ignore my advice with
regards to the switches, then fuck you too asshole.  However, I will be
kind enough to tell you a horrible hack, gagging disgusting completely
unprofessional band-aid that you should be ashamed to do, that you can do.
And if you ever were being interviewed by me for a job interview and you
mentioned this, I would tell you to leave, then go throw up for being
reminded that there are people in the world that are too lame to stand up
for doing things right the first time.

What you merely do is go around to ALL of the machines on the network that
need to get to the proxy/web/mailservers and put in static ARP entries for
the MAC addresses of the legitimate servers.  Then when your little
friends try their trick, nobody is going to notice it, except of course
for the machine that they make their modification to.

After a semester or two the kiddies will give up and you won't have to do
this anymore.

Ted
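
The static ARP approach described in the reply above, as an added example that is not part of the original message: a script that emits the `arp -s` pinning commands for each server and checks a client's `arp -an` output for a pinned IP answered by the wrong MAC. The IP and MAC values, the pin-list format and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. All addresses are constructed
# placeholders (RFC 5737 IPs, RFC 7042 documentation MACs).

# Pin list: "server-IP legitimate-MAC", one per line (assumed values).
PINNED='192.0.2.10 00:00:5e:00:53:10
192.0.2.11 00:00:5e:00:53:11
192.0.2.12 00:00:5e:00:53:12'

# Constructed sample of `arp -an` output from a client on the LAN.
SAMPLE_ARP='? (192.0.2.10) at 00:00:5e:00:53:10 on em0 expires in 1187 seconds [ethernet]
? (192.0.2.11) at 00:00:5E:00:53:AA on em0 expires in 1200 seconds [ethernet]
? (192.0.2.12) at (incomplete) on em0 expired [ethernet]
? (192.0.2.50) at 00:00:5e:00:53:50 on em0 expires in 900 seconds [ethernet]'

# Print the `arp -s` command that pins each server on a client.
emit_pin_cmds() {
    printf '%s\n' "$PINNED" | while read -r ip mac; do
        if [ -n "$ip" ]; then printf 'arp -s %s %s\n' "$ip" "$mac"; fi
    done
}

# Read `arp -an` text on stdin; report every pinned IP that is currently
# resolved to a different MAC. Exit status 1 if any conflict was seen.
check_arp() {
    PINNED="$PINNED" awk '
        BEGIN {
            n = split(ENVIRON["PINNED"], rows, "\n")
            for (i = 1; i <= n; i++) {
                split(rows[i], f, " ")
                if (f[1] != "") want[f[1]] = tolower(f[2])
            }
        }
        $3 == "at" {
            ip = $2; gsub(/[()]/, "", ip)
            mac = tolower($4)
            if (mac !~ /^[0-9a-f:]+$/) next      # skip "(incomplete)"
            if ((ip in want) && mac != want[ip]) {
                printf "CONFLICT %s expected %s seen %s\n", ip, want[ip], mac
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

emit_pin_cmds
printf '%s\n' "$SAMPLE_ARP" | check_arp || echo "pinned server answered by wrong MAC"
```

Entries set with `arp -s` are lost on reboot, so the emitted commands have to be applied at each client's startup.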


