IP address conflicts

Bart Silverstrim bsilver at chrononomicon.com
Sun Oct 3 12:55:14 PDT 2004 

On Oct 3, 2004, at 2:11 AM, Ted Mittelstaedt wrote:
<locking your dorm room>
> Yup.  This is self-defense in any college setting, there's too many
> juveniles around.
>

Well, that's the point of college today...real life without the real 
life consequences :-)  It's training for taking responsibility, though.

>> We try to have a policy where I work where if your account is used to
>> do something against the rules, like browse porn, you must have given
>> that person your account password or you left your account logged in
>> and walked away.  There's no way to prove who the body was sitting at
>> that console, so it is assumed to be you.  You get in trouble for it.
>
> We try to have a policy where I work of what you call common courtesy.
> That is, the stuff on someone's desk is their property and if you have
> to touch it, you don't damage it.

You'd think this is a simple rule.  Good luck.

> Every once in a while we run across someone who don't understand this,
> they get away with this for a while but sooner or later we reach out 
> and
> fire them.  Apparently, they all go to work at your place.

I work in public education.

> I think the double negatives there are a bit too much for most people.
>
> It is unreasonable to expect people to have to act like they are in
> kindergarden when they are in the middle of a network room that has a
> sum total of 20 people who can access it, all of whom are paid more 
> than
> 50K a year.

You'd THINK so.  Listen, chances are that you can, in rural areas, get 
away with never locking your door.  Nothing happens...no one marches in 
and robs you.  What are the chances an average thief notices your doors 
aren't locked?  Or that someone comes in and assaults you?  Yet you 
still get the person on the news saying "we never had to lock our doors 
before...I guess it's just getting too dangerous a world to not do that 
anymore..."

I'd rather go through that extra five second hassle and *take my keys 
with me* and *lock the friggin' door*.  Just so I can say I wasn't an 
idiot for inviting the problem in the first place.  Maybe it would 
never happen.  Maybe nothing will, and chances are that if someone 
really wanted to break into my house they're going to find a way.  But 
I don't want them to have it so easy as to just walk through the bloody 
door.

Want my data?  Steal the CPU.  You'll need to get the hard drive out.  
It's always in a state where either I'm at the console or it's asking 
for a password.

Besides, it helps me remember my passwords to be using them all the 
time :-)

You just never know when someone will want to pull a little "prank" 
that you won't have patience or time for.

> But people should not have to be looking over their shoulders
> where they live, eat, sleep.  This is a college, not a kindergarden.

True, and all security is a tradeoff.  People should realize that the 
five seconds it takes to lock and unlock a console is not a huge 
detriment to their schedule, and that taking reasonable precautions 
against theft and vandalism will save them time down the road that "one 
time" that someone decides to do something to them for giggles.

Yes, it's a college.  And like humans everywhere else, they act like 
giant kids.  Hell, they use college as an EXCUSE to act like idiots.  
You know...all that PRESSURE they're under.  The tests.  The essays.  
The reports.  The heavy drinking.  They have to vent SOMEHOW.  Besides, 
how high does a Dell monitor bounce from the third floor dorm window??

> Your logic is of the variety of "well, the security scanners at the
> airports didn't do what they were supposed to be doing, so we
> deserved to have the WTC collapsed".  In other words, it only appears
> on the surface to be reasonable, and that is because the problems
> don't involve people dying.  But it is fatally flawed.  If the
> world really operated like you seem to think, it would be anarchy.

What, that people will be people and it's better to take the five 
seconds to take "reasonable" precautions is out of line? I see it as 
taking responsibility for my belongings (and in college, those of my 
roommate's as well).  My roommate and I got into a habit of carrying 
our keys...it kept us from being locked out of our cars, it kept our 
belongings from disappearing from our college apartment.  Nothing would 
probably have happened if we didn't do this, but it was insurance.  I 
don't *expect* my house to burn down, but I am insured for it.

Your parallel doesn't quite cut it.  Smuggling things onboard a plane 
that is contraband is a little different than playing pranks and using 
your computer in an unauthorized manner.  It crosses many lines.  I am 
taking responsibility for my data when I take a few seconds to lock the 
console.  To search someone for every possible danger they may pose to 
a plane not only crosses into crossing personal space and privacy, but 
is impossible against someone who is *determined* to cause a problem.

Maybe I'm not quite seeing what you are arguing in the comparison...how 
the conclusion logically follows your line of reasoning.

>> Your reactions are your policies and your rules; if they work for you,
>> that's all and good.  If students continue to play stupid and allow
>> things like this to happen to their computers, then so be it.  Or you
>> can nail them a couple times and have them wise up for it.
>
> Much, much better to nail up the actual criminals not the victims.

Of course.  HOWEVER,...(isn't there always a however?)...there are some 
people who invite trouble.  The world isn't a happy merry place and we 
can't always tell who did something vs. who is impersonating them vs. 
if they're just plain LYING to cover their butts.  Especially with 
students.  "You can't prove I was  using that computer so you can't 
nail me for it...someone else came in here and did it!"  Well, fine. 
Slap them on the wrist, tell them to take measures to prevent it from 
happening in the future.  After a few times, they shouldn't know 
better.

I wasn't suggesting crucifying them for being stupid, but rather make 
it inconvenient or enough of a hassle for them that they take 
responsibility for their systems or their identities, or if they're 
lying, enough to make them consider not doing it again.  Unless you can 
catch them red handed.  Otherwise you're going to have a whole dorm of 
people claiming some friggin' ghost is using their computer to mess 
with the web server when they go take a leak for five minutes and of 
COURSE, they have NO CLUE how it happened.  Jails are filled with 
innocent people.  Just ask the prisoners.

> He is having money troubles.  However, just because he is having money
> troubles does not change one iota what the only solution really is.

100% agree.

> But I warned him that he is taking a huge risk here - if he really
> pisses off someone that is knowledgeable, then he's going to be
> royally screwed.  5 minutes with a packet sniffer will tell someone if
> they are on a switch or a dumb hub, and as long as he's got any
> dumb hubs on the network at all, he's taking a huge risk.  And breaking
> into insecure Windows systems - and they got at least 2000 ones to
> try - is like shooting fish in a barrel.

But of course.  This conversely plays his ability for politics too.  
Take down the campus systems after warning the holders of the purse 
strings several times, then have it go all to hell for extended periods 
of time...either he'll lose his job, or the "I TOLD YOU!!!" will loosen 
the strings a bit.  He's in a tough spot, and if management will NOT 
support him for a true fix, it's time to start polishing the resume', 
because it gets worse before getting better...if it ever does.  Playing 
cat and mouse with a fledgling black hat will help with his skills 
though :-)

Pissing off anyone who thinks they're "l337" carries risks.  For all he 
knows, he may find his tires slashed if the kid gets nailed with an 
expulsion.  Or servers that are vandalized from a breakin.  He may be 
targeted to the point where paranoia is no longer unwarranted.  You 
*never know*!!

And I'm not making light of the situation...these are all possible 
things.  Maybe the kids will get bored and stop.  Maybe they'll move on 
to other things.  Maybe they just wanted to test the waters and thought 
this was amusing.  Maybe they'll stop once they get a little nudge in 
the "um...not funny guys..." direction.

They obviously aren't very bright or have a personal grudge if they're 
willing to take down school resources for amusement.  They're shooting 
themselves in the foot.  Sounds like they are idiots who are miffed at 
the school for something.

> But, it really is like pissing into a fan to try to tell any of these
> academic types this sort of thing.  All of them are so fragging hung
> up on the cost end that they will happily chop their fingers off
> to save a nickel - unless that is, they are buying new football jerseys
> for the football team, or other sacred cow.

True enough.  That's why I suggested the above...the system goes down, 
it's amazing how that helps loosen the purse strings, because it's 
*needed* and they don't see that until something happens.  The guy is 
trying to do his job but if they don't support him, that position will 
always be a temporary stepping stone to a real position where it won't 
lead to premature greying and nervous breakdowns.

-Bart

More information about the freebsd-questions mailing list