Date: Mon, 27 Sep 2004 20:25:48 -0700 From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: "russell" <russm-freebsd-questions@slofith.org>, "bsdfsse" <bsdfsse@optonline.net> Cc: "freebsd-questions@FreeBSD.ORG" <freebsd-questions@freebsd.org> Subject: RE: IP address conflicts Message-ID: <LOBBIFDAGNMAMLGJJCKNGEGCEPAA.tedm@toybox.placo.com> In-Reply-To: <253578F8-1047-11D9-83E5-000A95DA456C@slofith.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> -----Original Message----- > From: owner-freebsd-questions@freebsd.org > [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of russell > Sent: Sunday, September 26, 2004 10:36 PM > To: bsdfsse > Cc: freebsd-questions@FreeBSD.ORG > Subject: Re: IP address conflicts > > > or use a tool like arpwatch that is specifically designed to let you > know when MAC/IP relationships change on your network. > You don't even need to do that - any router on the network is going to log the MAC address because they will see the arp change, as will the other servers. > you log the MAC addresses of all the fixed workstations in the school, > then when one of them starts doing the wrong thing you know *exactly* > where to go to nab the culprit. How, exactly? Do you think that he has a list of all MAC addresses on the network and who is using them? Getting the MAC address is not the problem. Finding it on what is essentially a completely flat network is. You need managed switches for this so you can see what port the offending MAC address is on. > If it's not one of the fixed > workstations then you've got a bit more work to find the kiddie, but > it's nothing insurmountable. > Unless of course the kiddies are using made up MAC addresses like BADBEEF, DEADBEEF, CO1DCOED, and such. Ted
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?LOBBIFDAGNMAMLGJJCKNGEGCEPAA.tedm>