From owner-freebsd-net Wed Jan 19 8:56:42 2000
Delivered-To: freebsd-net@freebsd.org
Received: from radius.wavefire.com (radius.workfire.net [139.142.95.252])
	by hub.freebsd.org (Postfix) with SMTP id 04E70152D3
	for ; Wed, 19 Jan 2000 08:56:31 -0800 (PST)
	(envelope-from swen@wavefire.com)
Received: (qmail 26443 invoked from network); 19 Jan 2000 16:56:29 -0000
Received: from unknown (HELO swen) (139.142.167.220)
	by radius.workfire.net with SMTP; 19 Jan 2000 16:56:29 -0000
Message-Id: <3.0.32.20000119085747.02086430@mail.wavefire.com>
X-Sender: swen@mail.wavefire.com
X-Mailer: Windows Eudora Pro Version 3.0 (32)
Date: Wed, 19 Jan 2000 08:57:47 -0800
To: Mike Nowlin , Frank Bonnet
From: Chameleon
Subject: Re: IP address abuse ...
Cc: freebsd-net@FreeBSD.ORG
Mime-Version: 1.0
Content-Type: text/enriched; charset="us-ascii"
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 03:10 AM 1/14/00 -0500, Mike Nowlin wrote:
>
>> Our primary DNS runs FreeBSD and we are facing
>> a boring problem , some stupid student has
>> put the same IP address than the DNS on a Linux (mandrake)
>> machine , then our FreeBSD said "someone has taken my IP address"
>> and stop to serve our LAN ...
>
>Execute him. Violently. Lots of blood and guts.
>
>> Is it possible with FreeBSD to avoid such trouble ?
>> ( arpwatch is running on this machine )
>
>Without trying this (not willing to screw up any networks right now with
>the amount of brain-numbing liquid in my system at the current time), I'd
>imagine you could side-step around the problem with one of the following:
>
>1) a static arp entry on the FBSD box that tells it where a certain IP
>address should be (yours).
>
>2) Possibly (?) an IPFW rule something like "deny udp from 10.1.1.1 in
>via fxp0" to keep your system from seeing anything coming in through fxp0
>with your IP address.  (Depending on where in the tree the IPFW rules are
>applied, it may also prevent your machine from seeing itself on that IP
>address -- Linux does have some problems with this, and I haven't tested
>how FBSD handles it.)
>
>3) If you're on some sort on intelligently-switched network, you should
>be able to smack down any packets coming from his ethernet address.  If
>the switch is really smart, you can kill packets on an IP/Port level, and
>keep him from sending anything out on port 53, either TCP or UDP with a
>given source/dest IP address, while still allowing him to telnet to the
>"daytime" port on the local HPUX machine.
>
>(Someone else posted:)
>
>>So stick with the sledgehammer. I don't think there is one in the ports
>>collection, but you should be able to get one from a local hardware
>>store!
>
>Or the sledge that I have symbolically sitting next to my desk -- yes, I
>have used it on a couple of old TRS-80 CoCo's... It was fun..... :)

OUCH... that hurts... have a TRS-80 model 4 sitting right here... waiting
to become a fishtank... but still... :-)~

Swen

>
>
>(And someone else posted:)
>>The student is disrupting network services. Don't you have a policy to
>>deal with this? (Perhaps expulsion from school if he won't change the
>>IP.)
>
>Just threaten him with legal action. Disrupting systems is usually a very
>serious offense, especially with government-funded schools. If that
>doesn't work, a few well-planned words passed to a couple of local
>fraternities can work nicely.... :)
>
>--mike
>
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-net" in the body of the message
>
>

Windows 98: n.
        useless extension to a minor patch release for 32-bit extensions
        and a graphical shell for a 16-bit patch to an 8-bit operating
        system originally coded for a 4-bit microprocessor, written by a
        2-bit company that can't stand for 1 bit of competition.
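An added example, not part of the original thread: one way to turn the arpwatch and kernel ARP log lines mentioned above into an alert, by checking every logged IP/MAC pair against the binding a static ARP entry would pin. The log line layouts, host name and MAC addresses are constructed samples and assumptions; 10.1.1.1 is the example address used in the quoted message.

```python
import re

# Pinned IP -> MAC table: the binding a static ARP entry would enforce.
# The MAC is a constructed value, not taken from the thread.
PINNED = {"10.1.1.1": "00:a0:c9:12:34:56"}

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2}){5})\b")

# Constructed sample log lines (formats assumed for illustration).
SAMPLE = [
    "Jan 19 08:41:07 ns1 /kernel: arp: 00:10:4b:aa:bb:cc is using my IP address 10.1.1.1!",
    "Jan 19 08:41:09 ns1 arpwatch: changed ethernet address 10.1.1.1 0:10:4b:aa:bb:cc (0:a0:c9:12:34:56)",
    "Jan 19 08:42:00 ns1 arpwatch: new station 10.1.1.57 0:60:8:1:2:3",
    "Jan 19 08:43:30 ns1 arpwatch: new activity 10.1.1.1 0:A0:C9:12:34:56",
]

def norm_mac(mac):
    """Zero-pad and lower-case each octet so 0:A0:C9:... equals 00:a0:c9:..."""
    return ":".join(f"{int(part, 16):02x}" for part in mac.split(":"))

def find_conflicts(lines, pinned=PINNED):
    """Return (ip, expected_mac, seen_mac, line) for every line that shows a
    pinned IP together with a MAC other than the pinned one."""
    table = {ip: norm_mac(mac) for ip, mac in pinned.items()}
    hits = []
    for line in lines:
        macs = [norm_mac(m) for m in MAC_RE.findall(line)]
        for ip in IP_RE.findall(line):
            if ip not in table:
                continue  # address is not one we protect
            # Report the first MAC on the line that is not the pinned one.
            rogue = next((m for m in macs if m != table[ip]), None)
            if rogue is not None:
                hits.append((ip, table[ip], rogue, line))
    return hits

if __name__ == "__main__":
    for ip, expected, seen, _ in find_conflicts(SAMPLE):
        print(f"ALERT {ip}: expected {expected}, saw {seen}")
```

Normalising the MAC before comparing matters because tools differ on leading zeros and letter case, so a plain string comparison would raise false alerts on the legitimate host.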