From owner-freebsd-questions@FreeBSD.ORG Tue Sep 28 17:45:02 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8B2D216A4CE for ; Tue, 28 Sep 2004 17:45:02 +0000 (GMT) Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [65.75.192.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1B8D843D3F for ; Tue, 28 Sep 2004 17:45:02 +0000 (GMT) (envelope-from tedm@toybox.placo.com) Received: from tedwin2k (nat-rtr.freebsd-corp-net-guide.com [65.75.197.130]) i8SHSmq41852; Tue, 28 Sep 2004 10:28:48 -0700 (PDT) (envelope-from tedm@toybox.placo.com) From: "Ted Mittelstaedt" To: "Peter Risdon" Date: Tue, 28 Sep 2004 10:28:48 -0700 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 In-Reply-To: <4159400A.6060308@circlesquared.com> Importance: Normal cc: "freebsd-questions@FreeBSD.ORG" Subject: RE: IP address conflicts X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Sep 2004 17:45:02 -0000 > -----Original Message----- > From: Peter Risdon [mailto:peter@circlesquared.com] > Sent: Tuesday, September 28, 2004 3:42 AM > To: Ted Mittelstaedt > Cc: Matthew Seaman; Tim Aslat; freebsd-questions@FreeBSD.ORG > Subject: Re: IP address conflicts > > > It's nice to hear of kids understanding enough of their IT systems to do > this sort of thing, and this is what they'll do if they can. But why can > the pupils alter their network settings at all? Because they own the machines? > Assuming they have > Windows machines, the registries can be tweaked to deny access to > network settings and other things that creative minds can play games > with. This can be done through their network logins. > Which they can easily bypass by just not running the login script. The OP said that some of the systems on the network are student-owned laptops and student-owned desktops that students are bringing in from home to plug into the school network. Even if the admin successfully manages to lock out the administrative settings on the laptops, a nuke and repave will take care of that. And there's serious questions about having the authority to do this anyway. The school does not own these systems nor does it have the manpower to administrate all of them, even if every student was happy to turn over administrative control. Sure, you could say that the student has to give up administrative control over his Windows box before getting access to the school servers - but the people that are causing the trouble don't need access to the servers to do this kind of disruption in the first place. All they need is physical acess to a network port and they are in business. They don't even need an IP number assigned to their systems. Ted