On Sat, Feb 02, 2002 at 11:24:18PM -0500, Jeff Hellige wrote:
> > However, the admin must assume that someone WILL just walk in and do
> >whatever they wish, when the admin least expects it...some people do
> >it because they're assholes, some just do it without thinking because
> >they weren't raised to have any manners. One must strive to make the
> >network resilient to such crap.
>
> True. I was looking at it from the point as to whether it
> was ok for someone to do it at all, regardless of what their motives
> might be behind it or whether the network was secure enough to handle
> it if someone did happen to do so. With our LAN for instance, we
> don't enable or allow DHCP at all...everyone is on static IP
> addresses. We're always having to track down conflicts though
> because there's a small group within the building that think they can
> do whatever they wish.

How about using DHCP to ground them? As in:

- all machines legitimately using the network are known, as well as
  their ethernet addresses,
- assign all those legitimate machines a (basically fixed) IP via
  DHCP,
- for all unregistered machines, offer them IP addresses in the
  127.0.0.0 range as well as themselves as their default router and other
  stuff to make their network connection a notwork connection.

You still get notified of them via the logs of your DHCP server and -
given suitable networking hardware - can track them down.

Regards,
Alex.
--
9./10. März 2002: 4. Chemnitzer Linux-Tag http://www.tu-chemnitz.de/linux/tag/
"I sense much NT in you. NT leads to Blue Screen, Blue Screen leads to
downtime, downtime leads to suffering. NT is the path to the Dark Side."
-- Ellsworth, one small voice
Received on Sat Feb 02 2002 - 23:12:34 GMT
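
The log-based notification described in the message above, as an added example that is not part of the original post: a Python scan of DHCP server syslog lines that reports requests from MAC addresses missing from the registry. It goes slightly beyond the message by also flagging a registered machine that requests an address other than its assigned one. The registry, the host name `gw`, every address, and all log lines are constructed, and the line layout assumed is the one ISC dhcpd writes to syslog.

```python
import re
from collections import defaultdict

# Assumed registry of legitimate machines, MAC -> fixed IP (constructed values).
REGISTERED = {
    "00:a0:c9:11:22:33": "192.168.10.21",
    "08:00:2b:44:55:66": "192.168.10.22",
}
# Client-originated messages in ISC dhcpd's syslog format (assumed), e.g.
#   DHCPREQUEST for <ip> (<server>) from <mac> (<host>) via <iface>
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdhcpd(?:\[\d+\])?:\s"
    r"(?P<msg>DHCPDISCOVER|DHCPREQUEST)(?:\sfor\s(?P<ip>[\d.]+)(?:\s\([\d.]+\))?)?"
    r"\sfrom\s(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?:\s\((?P<host>[^)]*)\))?\svia\s(?P<via>[^\s:]+)",
    re.IGNORECASE,
)
# Constructed sample log; host "gw" and every address are made up.
SAMPLE_LOG = """\
Feb  2 23:01:07 gw dhcpd: DHCPDISCOVER from 00:a0:c9:11:22:33 via eth0
Feb  2 23:01:08 gw dhcpd: DHCPREQUEST for 192.168.10.21 from 00:a0:c9:11:22:33 via eth0
Feb  2 23:05:40 gw dhcpd: DHCPDISCOVER from 00:50:56:aa:bb:cc (laptop7) via eth0
Feb  2 23:05:41 gw dhcpd: DHCPREQUEST for 127.0.0.5 (192.168.10.1) from 00:50:56:AA:BB:CC (laptop7) via eth0
Feb  2 23:09:12 gw dhcpd: DHCPREQUEST for 192.168.10.99 from 08:00:2b:44:55:66 via eth0
Feb  2 23:09:13 gw dhcpd: DHCPACK on 192.168.10.22 to 08:00:2b:44:55:66 via eth0
""".splitlines()

def new_record():
    return {"count": 0, "first": None, "last": None, "hosts": set(), "via": set()}

def scan(lines, registered=REGISTERED):
    """Return (unknown MACs with sighting details, registered MACs asking for a wrong IP)."""
    unknown, mismatched = defaultdict(new_record), []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # server replies (DHCPOFFER/DHCPACK) and other daemons
        mac = m["mac"].lower()
        if mac not in registered:
            rec = unknown[mac]
            rec["count"] += 1
            rec["first"] = rec["first"] or m["ts"]
            rec["last"] = m["ts"]
            rec["via"].add(m["via"])  # interface or relay: where to start tracing
            if m["host"]:
                rec["hosts"].add(m["host"])
        elif m["ip"] and m["ip"] != registered[mac]:  # known MAC, foreign address
            mismatched.append((m["ts"], mac, m["ip"], registered[mac]))
    return dict(unknown), mismatched
```

Calling `scan(SAMPLE_LOG)` returns the unregistered MACs keyed by address and the list of address mismatches; the `via` field is the interface or relay the request arrived on.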