From owner-freebsd-questions@FreeBSD.ORG Sun Oct 3 07:51:03 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D289316A4CE for ; Sun, 3 Oct 2004 07:51:03 +0000 (GMT) Received: from smtp.prodigy.net.mx (nlpproxy02.prodigy.net.mx [148.235.52.22]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6F2C643D4C for ; Sun, 3 Oct 2004 07:51:03 +0000 (GMT) (envelope-from mapsware@prodigy.net.mx) Received: from smtp.prodigy.net.mx (nlpproxy02 [148.235.52.22]) by smtp.prodigy.net.mx (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with ESMTP id <0I5000HG80H11G@smtp.prodigy.net.mx>; Sun, 03 Oct 2004 02:51:01 -0500 (CDT) Received: from[201.137.226.99])(built Sep 8 2003))with ESMTP id <0I5000M6H0H0LL@smtp.prodigy.net.mx>; Sun, 03 Oct 2004 02:51:01 -0500 (CDT) Date: Sun, 03 Oct 2004 00:51:01 -0700 From: Martin Paredes In-reply-to: To: Ted Mittelstaedt , Matthew Seaman , Tim Aslat Message-id: <200410030051.01989.mapsware@prodigy.net.mx> Organization: MAPSware MIME-version: 1.0 Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: 7bit Content-disposition: inline User-Agent: KMail/1.5.4 X-imss-version: 2.5 X-imss-result: Passed X-imss-scores: Clean:99.90000 C:19 M:2 S:5 R:5 X-imss-settings: Baseline:3 C:2 M:2 S:2 R:2 (0.5000 1.0000) References: cc: "freebsd-questions@FreeBSD.ORG" Subject: Re: IP address conflicts X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Oct 2004 07:51:03 -0000 > > > > Well, you could move all of the servers onto a separate network to any > > of the individual client machines (and make sure that the server > > network isn't accessible from any of the network ports your clients > > have access to, clearly). That way, even if one of your pet idiots > > decides to 'borrow' a server IP address, the network routing means > > that all they are going to do is hurt themselves. > > Think of this for a second. Right now he has maybe 4-5 different servers > that > people are putting the IP numbers on. Once you move all those servers onto > a > separate subnet, now all the little twits have to do is put the IP number > of the gateway router onto their systems, then the entire subnet that ALL > the servers are on becomes inaccessible. > if you have 20 buildings, you must create 20 subnets as minimun. try to isolate the public ports (any one can conect) like computers labs rooms from the used by people that work in the school (administratives offices) also, try to isolate floors or rooms so you can arrive to this room and review the pc that are connected (the subnet may be of 32 or 64 hosts) put an special area (on his own subnet) by building to allow students to connect his cumputers. request help from the labs administrators and the workers of the school to watch for person that get pc or laptop inside labs (maybe must search inside bags) and if the problem happen, at least you know some faces. maps