From owner-freebsd-questions@FreeBSD.ORG  Mon Sep 27 05:17:14 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C417816A4CE
	for <freebsd-questions@FreeBSD.ORG>;
	Mon, 27 Sep 2004 05:17:14 +0000 (GMT)
Received: from mta1.srv.hcvlny.cv.net (mta1.srv.hcvlny.cv.net [167.206.5.67])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 82EAA43D49
	for <freebsd-questions@FreeBSD.ORG>;
	Mon, 27 Sep 2004 05:17:14 +0000 (GMT)
	(envelope-from bsdfsse@optonline.net)
Received: from [192.168.0.28] (ool-43532b7b.dyn.optonline.net [67.83.43.123])
 by mta1.srv.hcvlny.cv.net
 (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar  3 2004))
 with ESMTP id <0I4O0084NPCPXC@mta1.srv.hcvlny.cv.net> for
 freebsd-questions@FreeBSD.ORG; Mon, 27 Sep 2004 01:17:13 -0400 (EDT)
Date: Mon, 27 Sep 2004 01:17:23 -0400
From: bsdfsse <bsdfsse@optonline.net>
In-reply-to: <20040927085147.7b2d8575@bofh.spyderweb.com.au>
To: Tim Aslat <tim@spyderweb.com.au>
Message-id: <4157A263.7060307@optonline.net>
MIME-version: 1.0
Content-type: text/plain; charset=ISO-8859-1; format=flowed
Content-transfer-encoding: 7BIT
X-Accept-Language: en-us, en
User-Agent: Mozilla Thunderbird 0.8 (Windows/20040913)
References: <20040927085147.7b2d8575@bofh.spyderweb.com.au>
cc: "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Subject: Re: IP address conflicts
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Sep 2004 05:17:14 -0000

Hi,

Could you run a packet sniffer (like Etheral), and log the traffic for 
the specific IP's in question?  You would see when the MAC address 
changed for a given IP.

Once you knew their MAC address, you could log all their traffic.  Maybe 
block their traffic.  Ban them from your network.

thx!


Tim Aslat wrote:
> Hi All,
> 
> I have an annoying situation in a school I do casual work in their IT
> department.  There are a number of individuals within the system who
> think it's funny to allocate an IP address on a workstation identical to
> the network's proxy/web/mail servers.  What I'd like to know is, would
> there be any way of preventing this short of spending quite a lot of
> money on managed switches an the like?
> 
> I'm unable to restrict access to settings on the machines, as they are
> notebooks owned by the students/staff and could be legitimately plugged
> in anywhere in the network.
> 
> Unfortunately solitary confinement on bread & water, or public
> floggings aren't an option.
> 
> Any suggestions?
> 
> Cheers
> 
> Tim
> 
>