Date: Sat, 2 Oct 2004 23:11:07 -0700
From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
To: "Bart Silverstrim" <bsilver@chrononomicon.com>, <freebsd-questions@freebsd.org>
Subject: RE: IP address conflicts
Message-ID: <LOBBIFDAGNMAMLGJJCKNKEGNEPAA.tedm@toybox.placo.com>
In-Reply-To: <6204B748-14AA-11D9-BD30-000D932C89A2@chrononomicon.com>

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Bart
> Silverstrim
> Sent: Saturday, October 02, 2004 12:37 PM
> To: <freebsd-questions@freebsd.org> <freebsd-questions@freebsd.org>
> Subject: Re: IP address conflicts
>
>
> On Oct 2, 2004, at 2:27 PM, Ted Mittelstaedt wrote:
> > The problem is that if the attacker has a modicum of intelligence they
> > will have done this to someone else's system.
>
> Yet you say this is taking place in colleges... :-)
>

ROTFL

> > This is a college. For example, someone in a dorm room just surfing
> > the web gets up to take a piss. As soon as they walk out the door and
> > go down the hall, some joker down the hall runs into their room and in
> > a few seconds changes the IP number of their PC to that of the
> > mailserver then runs out.
> > Bullshit like this happens all the time.
>
> Funny how just yesterday there was some slash story about users not
> being careful with security. My systems this wouldn't be effective.
> Screen saver is hot cornered and password protected. In the school
> office, control-alt-del->k. When I was in college, there was this
> thing where your "friends" would steal your mattress...mattress police.
> They would hide it somewhere on campus. Never happened to my roommate
> and I, because we carried our keys with us and locked the bedroom when
> we weren't there (or in the living room connected to the hallway); no
> reason to leave the door open if we weren't there, and our "community
> belongings" were already outside of that room for the other roommates
> and friends to use.
>

Yup. This is self-defense in any college setting, there's too many
juveniles around.

> We try to have a policy where I work where if your account is used to
> do something against the rules, like browse porn, you must have given
> that person your account password or you left your account logged in
> and walked away.
> There's no way to prove who the body was sitting at
> that console, so it is assumed to be you. You get in trouble for it.

We try to have a policy where I work of what you call common courtesy.
That is, the stuff on someone's desk is their property and if you have to
touch it, you don't damage it. Every once in a while we run across someone
who doesn't understand this, they get away with this for a while but sooner
or later we reach out and fire them. Apparently, they all go to work at
your place.

> You allowed it, you were irresponsible, and you're going to get hassled
> for it until you learn to take responsibility for your belongings
> (including your identity) within reason. It is not unreasonable to
> expect people to not give their passwords out and to log off of a
> console when they're done using it.
>

I think the double negatives there are a bit too much for most people.

It is unreasonable to expect people to have to act like they are in
kindergarten when they are in the middle of a network room that has a sum
total of 20 people who can access it, all of whom are paid more than 50K a
year.

Naturally, if you're working with a system in an insecure area, you follow
secure procedures. For example if you're at a customer site you assume that
their machine is infected with a key logger, and don't touch anything at
the mothership that isn't password-aged regularly. Same goes if you're
traveling and using something like an Internet kiosk.

But people should not have to be looking over their shoulders where they
live, eat, sleep. This is a college, not a kindergarten.

Your logic is of the variety of "well, the security scanners at the
airports didn't do what they were supposed to be doing, so we deserved to
have the WTC collapsed". In other words, it only appears on the surface to
be reasonable, and that is because the problems don't involve people dying.
But it is fatally flawed. If the world really operated like you seem to
think, it would be anarchy.
> Your reactions are your policies and your rules; if they work for you,
> that's all and good. If students continue to play stupid and allow
> things like this to happen to their computers, then so be it. Or you
> can nail them a couple times and have them wise up for it.

Much, much better to nail up the actual criminals not the victims.

>
> > The only solution is to use managed switches with a modicum of
> > intelligence to where you can build a MAC filter that disallows
> > packets that originate from the end users that have the same MAC as
> > the mailserver, (to block spoofers) and that allows you to dump the
> > internal MAC table.
>
> This is a good infrastructure to the network change and it would also
> solve the problem. I thought he was having money troubles and needed a
> quick solution to try solving the problem, while this solution would be
> done in the future once funds are released and time can be allocated to
> switch things over. It sounded like his network was somewhat in
> shambles at the moment.
>

He is having money troubles. However, just because he is having money
troubles does not change one iota what the only solution really is.

Sure, he's going to try to half-ass it, he probably will try dropping some
more managed devices into the areas like the dorms that are likely to have
the biggest troublemakers. If the people he is dealing with really are
morons, and he is lucky and catches a few of them right away and gets them
shot at dawn, it might put enough of a damper on the fun to cow the rest of
the script kiddies.

But I warned him that he is taking a huge risk here - if he really pisses
off someone that is knowledgeable, then he's going to be royally screwed.
5 minutes with a packet sniffer will tell someone if they are on a switch
or a dumb hub, and as long as he's got any dumb hubs on the network at all,
he's taking a huge risk.
And breaking into insecure Windows systems - and they got at least 2000
ones to try - is like shooting fish in a barrel.

But, it really is like pissing into a fan to try to tell any of these
academic types this sort of thing. All of them are so fragging hung up on
the cost end that they will happily chop their fingers off to save a
nickel - unless that is, they are buying new football jerseys for the
football team, or other sacred cow.

Ted
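
Added example, not part of the message above and not code from anyone in the thread: one way to use a dumped switch MAC table, as the message proposes, to find which port a host claiming the mail server's IP or MAC sits on. All addresses, port names and records are constructed; the table is assumed to list access ports only, not inter-switch uplinks.

```python
from collections import defaultdict

# Constructed policy: the mail server's IP, MAC, and the one port it may appear on.
PROTECTED = {"ip": "10.0.0.25", "mac": "00:a0:c9:11:22:33", "port": "sw-core/1"}

# Constructed ARP observations (time, claimed IP, source MAC), e.g. from an ARP monitor.
ARP_SEEN = [
    ("23:01:10", "10.0.0.25", "00:a0:c9:11:22:33"),  # the real server
    ("23:04:52", "10.0.0.25", "00:0D:93:AA:BB:CC"),  # PC re-numbered to the server's IP
    ("23:05:03", "10.0.7.41", "00:50:56:de:ad:01"),  # unrelated client
]

# Constructed dump of access-port MAC tables: (switch/port, learned MAC).
MAC_TABLE = [
    ("sw-core/1", "00:a0:c9:11:22:33"),
    ("sw-dorm3/14", "00:0d:93:aa:bb:cc"),
    ("sw-dorm3/9", "00:50:56:de:ad:01"),
    ("sw-dorm1/22", "00:a0:c9:11:22:33"),  # server's MAC learned on a dorm port
]

UNKNOWN = "not in any MAC table (unmanaged hub segment?)"


def norm(mac):
    """Canonical lower-case, colon-separated MAC."""
    return mac.strip().lower().replace("-", ":")


def find_violations(protected, arp_seen, mac_table):
    """Return sorted (kind, port, mac) findings for misuse of the protected identity."""
    ports = defaultdict(set)
    for port, mac in mac_table:
        ports[norm(mac)].add(port)
    server_mac = norm(protected["mac"])
    findings = set()
    # A different MAC answering for the protected IP: address conflict or takeover.
    for _ts, ip, mac in arp_seen:
        if ip == protected["ip"] and norm(mac) != server_mac:
            for port in ports.get(norm(mac), {UNKNOWN}):
                findings.add(("ip-conflict", port, norm(mac)))
    # The protected MAC learned anywhere except the server's own port: MAC spoofing.
    for port in ports.get(server_mac, set()) - {protected["port"]}:
        findings.add(("mac-spoof", port, server_mac))
    return sorted(findings)


if __name__ == "__main__":
    for kind, port, mac in find_violations(PROTECTED, ARP_SEEN, MAC_TABLE):
        print(f"{kind:12} {mac}  on {port}")
```

A conflicting MAC that appears in no table comes back with the UNKNOWN port, which is the case where the host sits behind a hub that keeps no table to dump.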