Maybe OT: Network ethics

From: Alexander Schreiber <als_at_thangorodrim.de>
Date: Sat Feb 2 23:12:34 2002

On Sat, Feb 02, 2002 at 11:24:18PM -0500, Jeff Hellige wrote:
> > However, the admin must assume that someone WILL just walk in and do
> >whatever they wish, when the admin least expects it...some people do
> >it because they're assholes, some just do it without thinking because
> >they weren't raised to have any manners. One must strive to make the
> >network resilient to such crap.
>
> True. I was looking at it from the point as to whether it
> was ok for someone to do it at all, regardless of what their motives
> might be behind it or whether the network was secure enough to handle
> it if someone did happen to do so. With our LAN for instance, we
> don't enable or allow DHCP at all...everyone is on static IP
> addresses. We're always having to track down conflicts though
> because there's a small group within the building that think they can
> do whatever they wish.

How about using DHCP to ground them? As in:
 - all machines legitimately using the network are known as well as
   their ethernet addresses,
 - assign all those legitimate machines a (basically fixed) IP via
   DHCP,
 - for all unregistered machines, offer them IP addresses in the
   127.0.0.0 range as well as themselves as their default router and other
   stuff to make their network connection a notwork connection

You still get notified of them via the logs of your DHCP server and -
given suitable networking hardware - can track them down.

Regards,
       Alex.
-- 
9-10 March 2002: 4th Chemnitzer Linux-Tag http://www.tu-chemnitz.de/linux/tag/
"I sense much NT in you. NT leads to Blue Screen, Blue Screen leads to 
downtime, downtime leads to suffering. NT is the path to the Dark Side."
                                               -- Ellsworth, one small voice
Received on Sat Feb 02 2002 - 23:12:34 GMT
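
The log-based notification described in the message above, as an added example that is not part of the original post: it compares DHCP server log lines against the inventory of registered ethernet addresses and reports every unknown machine, including any registered address it tried to claim. The inventory, host names and log lines are constructed, and the line format assumes an ISC dhcpd-style syslog.

```python
import re
from collections import defaultdict

# Assumed inventory of registered machines (MAC -> fixed IP); constructed values.
REGISTERED = {"00:A0:C9:11:22:33": "192.168.10.21",
              "08:00:2B:44:55:66": "192.168.10.22"}

# Constructed sample lines, written in the style of ISC dhcpd syslog output.
SAMPLE_LOG = """\
Feb  2 22:58:01 gw dhcpd: DHCPDISCOVER from 00:a0:c9:11:22:33 via eth0
Feb  2 22:58:01 gw dhcpd: DHCPOFFER on 192.168.10.21 to 00:a0:c9:11:22:33 via eth0
Feb  2 23:01:17 gw dhcpd: DHCPDISCOVER from 00:10:5a:77:88:99 via eth0
Feb  2 23:01:40 gw dhcpd: DHCPREQUEST for 192.168.10.22 from 00:10:5a:77:88:99 via eth0
Feb  2 23:05:09 gw dhcpd: DHCPREQUEST for 192.168.10.22 from 08:00:2b:44:55:66 via eth0
Feb  2 23:06:30 gw dhcpd: DHCPDISCOVER from 00:10:5a:77:88:99 via eth1
"""

# Only client-originated messages matter here: they carry the client's own MAC.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdhcpd(?:\[\d+\])?:\s"
    r"(?P<msg>DHCPDISCOVER|DHCPREQUEST)\s(?:for\s(?P<ip>\S+)\s)?"
    r"from\s(?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\svia\s(?P<iface>\S+)"
)

def find_unregistered(log_text, registered):
    """Return {mac: summary} for every client MAC missing from the inventory."""
    known = {mac.lower(): ip for mac, ip in registered.items()}
    findings = defaultdict(lambda: {"count": 0, "first": None, "last": None,
                                    "ifaces": set(), "claimed": set()})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m["mac"].lower() in known:
            continue
        f = findings[m["mac"].lower()]
        f["count"] += 1
        f["first"] = f["first"] or m["ts"]
        f["last"] = m["ts"]
        f["ifaces"].add(m["iface"])  # which segment(s) to go looking on
        # Requesting an address owned by a registered host is a likely IP conflict.
        if m["ip"] and m["ip"] in known.values():
            f["claimed"].add(m["ip"])
    return dict(findings)

if __name__ == "__main__":
    for mac, f in find_unregistered(SAMPLE_LOG, REGISTERED).items():
        print(mac, f["count"], f["first"], f["last"],
              sorted(f["ifaces"]), sorted(f["claimed"]))
```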
