Date: Wed, 19 Jan 2000 08:57:47 -0800
From: Chameleon <swen@wavefire.com>
To: Mike Nowlin <mike@argos.org>, Frank Bonnet <bonnetf@bart.esiee.fr>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: IP address abuse ...
Message-ID: <3.0.32.20000119085747.02086430@mail.wavefire.com>

At 03:10 AM 1/14/00 -0500, Mike Nowlin wrote:
>
>> Our primary DNS runs FreeBSD and we are facing
>> a boring problem , some stupid student has
>> put the same IP address than the DNS on a Linux (mandrake)
>> machine , then our FreeBSD said "someone has taken my IP address"
>> and stop to serve our LAN ...
>
>Execute him. Violently. Lots of blood and guts.
>
>> Is it possible with FreeBSD to avoid such trouble ?
>> ( arpwatch is running on this machine )
>
>Without trying this (not willing to screw up any networks right now with
>the amount of brain-numbing liquid in my system at the current time), I'd
>imagine you could side-step around the problem with one of the following:
>
>1) a static arp entry on the FBSD box that tells it where a certain IP
>address should be (yours).
>
>2) Possibly (?) an IPFW rule something like "deny udp from 10.1.1.1 in
>via fxp0" to keep your system from seeing anything coming in through fxp0
>with your IP address. (Depending on where in the tree the IPFW rules are
>applied, it may also prevent your machine from seeing itself on that IP
>address -- Linux does have some problems with this, and I haven't tested
>how FBSD handles it.)
>
>3) If you're on some sort on intelligently-switched network, you should
>be able to smack down any packets coming from his ethernet address. If
>the switch is really smart, you can kill packets on an IP/Port level, and
>keep him from sending anything out on port 53, either TCP or UDP with a
>given source/dest IP address, while still allowing him to telnet to the
>"daytime" port on the local HPUX machine.
>
>(Someone else posted:)
>
>>So stick with the sledgehammer. I don't think there is one in the ports
>>collection, but you should be able to get one from a local hardware
>>store!
>
>Or the sledge that I have symbolically sitting next to my desk -- yes, I
>have used it on a couple of old TRS-80 CoCo's... It was fun..... :)

OUCH... that hurts... have a TRS-80 model 4 sitting right here...
waiting to become a fishtank... but still... :-)~

Swen

>
>
>(And someone else posted:)
>>The student is disrupting network services. Don't you have a policy to
>>deal with this? (Perhaps expulsion from school if he won't change the
>>IP.)
>
>Just threaten him with legal action. Disrupting systems is usually a very
>serious offense, especially with government-funded schools. If that
>doesn't work, a few well-planned words passed to a couple of local
>fraternities can work nicely.... :)
>
>--mike
>
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-net" in the body of the message
>
>

Windows 98: n. useless extension to a minor patch release for 32-bit
extensions and a graphical shell for a 16-bit patch to an 8-bit operating
system originally coded for a 4-bit microprocessor, written by a 2-bit
company that can't stand for 1 bit of competition.
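
Added example, not part of the original thread: since arpwatch is already running on the DNS machine, its reports can be scanned for any other ethernet address claiming the server's IP. The log lines, MAC addresses and the `protected` inventory are constructed, and the arpwatch line layout is an assumption; 10.1.1.1 is the address used in the quoted IPFW rule.

```python
import re

# Constructed sample syslog lines (not from the original thread). The layout
# follows arpwatch's usual "<event> <ip> <mac> (<old mac>)" reports; treat the
# exact format as an assumption and adjust the regex to your own logs.
SAMPLE_LOG = """\
Jan 14 02:01:10 ns1 arpwatch: new station 10.1.1.23 0:10:4b:aa:1:2
Jan 14 02:41:07 ns1 arpwatch: changed ethernet address 10.1.1.1 0:50:4:9c:7:e1 (0:a0:c9:12:34:56)
Jan 14 02:41:09 ns1 arpwatch: flip flop 10.1.1.1 0:a0:c9:12:34:56 (0:50:4:9c:7:e1)
Jan 14 02:41:30 ns1 arpwatch: flip flop 10.1.1.1 0:50:4:9c:7:e1 (0:a0:c9:12:34:56)
Jan 14 03:00:00 ns1 arpwatch: changed ethernet address 10.1.1.40 0:60:8:1:2:3 (0:60:8:4:5:6)
"""

EVENT_RE = re.compile(
    r"arpwatch: (?P<event>new station|changed ethernet address|flip flop) "
    r"(?P<ip>\d+\.\d+\.\d+\.\d+) (?P<mac>[0-9a-fA-F:]+)(?: \((?P<old>[0-9a-fA-F:]+)\))?"
)


def norm_mac(mac):
    """Zero-pad each octet so 0:a0:c9 and 00:a0:c9 compare equal."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))


def find_claimants(log_text, protected):
    """Return {ip: sorted unexpected MACs that were seen claiming that IP}."""
    expected = {ip: norm_mac(mac) for ip, mac in protected.items()}
    hits = {}
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m or m.group("ip") not in expected:
            continue  # not an arpwatch report, or not an address we guard
        # Both the current and the previous MAC in a report claimed the IP.
        for mac in (m.group("mac"), m.group("old")):
            if mac and norm_mac(mac) != expected[m.group("ip")]:
                hits.setdefault(m.group("ip"), set()).add(norm_mac(mac))
    return {ip: sorted(macs) for ip, macs in hits.items()}


if __name__ == "__main__":
    # Hypothetical inventory: the DNS server's address and its real NIC.
    protected = {"10.1.1.1": "00:a0:c9:12:34:56"}
    for ip, macs in find_claimants(SAMPLE_LOG, protected).items():
        print(f"{ip} also claimed by: {', '.join(macs)}")
```

The MAC it reports is the one to hand to the switch filter described in option 3 of the quoted reply.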