Date: Sat, 2 Oct 2004 15:36:40 -0400
From: Bart Silverstrim <bsilver@chrononomicon.com>
To: <freebsd-questions@freebsd.org>
Subject: Re: IP address conflicts
Message-ID: <6204B748-14AA-11D9-BD30-000D932C89A2@chrononomicon.com>
In-Reply-To: <LOBBIFDAGNMAMLGJJCKNCEGMEPAA.tedm@toybox.placo.com>
References: <LOBBIFDAGNMAMLGJJCKNCEGMEPAA.tedm@toybox.placo.com>

On Oct 2, 2004, at 2:27 PM, Ted Mittelstaedt wrote:

> The problem is that if the attacker has a modicum of intelligence they
> will have done this to someone else's system.

Yet you say this is taking place in colleges... :-)

> This is a college. For example, someone in a dorm room just surfing
> the web gets up to take a piss. As soon as they walk out the door and
> go down the hall, some joker down the hall runs into their room and in
> a few seconds changes the IP number of their PC to that of the
> mailserver then runs out. Bullshit like this happens all the time.

Funny how just yesterday there was some slash story about users not being careful with security.

On my systems this wouldn't be effective. Screen saver is hot cornered and password protected. In the school office, control-alt-del->k.

When I was in college, there was this thing where your "friends" would steal your mattress...mattress police. They would hide it somewhere on campus. Never happened to my roommate and me, because we carried our keys with us and locked the bedroom when we weren't there (or in the living room connected to the hallway); no reason to leave the door open if we weren't there, and our "community belongings" were already outside of that room for the other roommates and friends to use.

We try to have a policy where I work where if your account is used to do something against the rules, like browse porn, you must have given that person your account password or you left your account logged in and walked away. There's no way to prove who the body was sitting at that console, so it is assumed to be you. You get in trouble for it. You allowed it, you were irresponsible, and you're going to get hassled for it until you learn to take responsibility for your belongings (including your identity) within reason. It is not unreasonable to expect people to not give their passwords out and to log off of a console when they're done using it.

Your reactions are your policies and your rules; if they work for you, that's all and good. If students continue to play stupid and allow things like this to happen to their computers, then so be it. Or you can nail them a couple times and have them wise up for it.

"Honest! I didn't put kiddie porn on that computer...my...my roommate did it! Or a computer virus did it!"

"OH!!! Nevermind then..."

> The only solution is to use managed switches with a modicum of
> intelligence to where you can build a MAC filter that disallows
> packets that originate from the end users that have the same MAC as
> the mailserver, (to block spoofers) and that allows you to dump the
> internal MAC table.

This is a good infrastructure change to the network and it would also solve the problem. I thought he was having money troubles and needed a quick solution to try solving the problem, while this solution would be done in the future once funds are released and time can be allocated to switch things over. It sounded like his network was somewhat in shambles at the moment.

> That way when someone pulls their fun you're going to see their MAC in
> your routers, and you can then look at the switches and see exactly
> what port is being used.

Any way to have it send a 50,000 volt spike through that port?

-Bart
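
The tracing step discussed in this message (spot the foreign MAC claiming the mailserver's IP, then look it up in the switch's MAC table to find the port) is sketched below as an added example; it is not code from the thread or its participants. All addresses, port names and function names are constructed assumptions, and the two inputs stand in for whatever your router and managed switch actually export.

```python
from collections import defaultdict

# Constructed sample data, not taken from the thread (documentation ranges).
MAILSERVER_IP = "192.0.2.25"
MAILSERVER_MAC = "00:00:5e:00:53:01"

# (ip, mac) pairs in the order a router saw them in ARP traffic.
ARP_SIGHTINGS = [
    ("192.0.2.25", "00:00:5E:00:53:01"),
    ("192.0.2.40", "00:00:5e:00:53:aa"),
    ("192.0.2.25", "00-00-5e-00-53-aa"),  # dorm PC re-addressed to the mailserver IP
    ("192.0.2.41", "00:00:5e:00:53:bb"),
]

# MAC -> switch port, as dumped from a managed switch (hypothetical port names).
SWITCH_MAC_TABLE = {
    "00:00:5e:00:53:01": "sw1/1",
    "00:00:5e:00:53:aa": "sw3/17",
    "00:00:5e:00:53:bb": "sw3/18",
}

def norm(mac):
    """Normalise MAC notation so vendor formatting differences do not hide a match."""
    return mac.lower().replace("-", ":")

def claims_by_ip(sightings):
    """Map each IP to the set of MACs that have claimed it."""
    claims = defaultdict(set)
    for ip, mac in sightings:
        claims[ip].add(norm(mac))
    return dict(claims)

def find_ip_conflicts(sightings):
    """Return only the IPs claimed by more than one MAC."""
    return {ip: macs for ip, macs in claims_by_ip(sightings).items() if len(macs) > 1}

def locate_impostors(sightings, mac_table, protected_ip, legit_mac):
    """Return sorted (mac, port) for every MAC other than legit_mac that claimed protected_ip."""
    ports = {norm(m): p for m, p in mac_table.items()}
    claimed = claims_by_ip(sightings).get(protected_ip, set())
    return sorted((m, ports.get(m, "unknown")) for m in claimed if m != norm(legit_mac))

if __name__ == "__main__":
    for mac, port in locate_impostors(ARP_SIGHTINGS, SWITCH_MAC_TABLE,
                                      MAILSERVER_IP, MAILSERVER_MAC):
        print(f"{MAILSERVER_IP} also claimed by {mac} on port {port}")
```
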