IP address conflicts

Matthew Seaman m.seaman at infracaninophile.co.uk
Tue Sep 28 00:52:05 PDT 2004


On Mon, Sep 27, 2004 at 08:20:42PM -0700, Ted Mittelstaedt wrote:
> 
> 
> > -----Original Message-----
> > From: owner-freebsd-questions at freebsd.org
> > [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Matthew Seaman
> > Sent: Monday, September 27, 2004 2:22 AM
> > To: Tim Aslat
> > Cc: freebsd-questions at FreeBSD.ORG
> > Subject: Re: IP address conflicts
> >
> >
> > On Mon, Sep 27, 2004 at 08:51:47AM +0930, Tim Aslat wrote:
> >
> > > I have an annoying situation in a school I do casual work in their IT
> > > department.  There are a number of individuals within the system who
> > > think it's funny to allocate an IP address on a workstation identical to
> > > the network's proxy/web/mail servers.  What I'd like to know is, would
> > > there be any way of preventing this short of spending quite a lot of
> > > money on managed switches and the like?
> >
> > Well, you could move all of the servers onto a separate network to any
> > of the individual client machines (and make sure that the server
> > network isn't accessible from any of the network ports your clients
> > have access to, clearly).  That way, even if one of your pet idiots
> > decides to 'borrow' a server IP address, the network routing means
> > that all they are going to do is hurt themselves.
> >
> 
> You must want to HELP the little shits then.

Please do not ascribe such motives to me in such an insulting manner.
You have a point, but you need to learn how to be less inflammatory in
making it.
 
> Think of this for a second.  Right now he has maybe 4-5 different servers
> that people are putting the IP numbers on.  Once you move all those servers
> onto a separate subnet, now all the little twits have to do is put the IP
> number of the gateway router onto their systems, then the entire subnet that
> ALL the servers are on becomes inaccessible.

Yes, you are quite right.  I missed that.  However the OP is stuck
between a rock and a hard place.  He (or his school) is saying they
can't afford the correct equipment to really solve the problem.  As it
is, he's getting the flak when things aren't working right (what else
is new?)

On consideration, it strikes me that the thing to realise is that this
has gone beyond a technical argument.  This is now also a political
argument and a financial argument.  His bosses neither see the
justification for investing in equipment to make the network proof
against such attacks, nor do they have the incentive to come down
like a ton of bricks on the malefactors.  It's counter-intuitive I
know, and goes against all of the best instincts of any good systems
administrator, but the OP's arguments would be strengthened if the
problem was or /appeared to be/ *worse* than it is currently.

	Machiavellianly,

	Matthew


-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK