Date: Fri, 24 Mar 2006 09:32:43 +0100 From: Erik Norgaard <norgaard@locolomo.org> To: Mark Jayson Alvarez <jay2xra@yahoo.com> Cc: questions@freebsd.org Subject: Re: How do you keep users from stealing other user's ip?? Message-ID: <4423AEAB.2050001@locolomo.org> In-Reply-To: <20060324080757.50004.qmail@web51606.mail.yahoo.com> References: <20060324080757.50004.qmail@web51606.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Mark Jayson Alvarez wrote: > Hi, > > Ok here's our problems. Mostly pertaining to tracking down who is this > user eating up our bandwidth or who is this user flooding our network. > > 1. Users when they want to plug a machine to the network... let's say > their own testbeds, they will choose whatever ip they want possibly > stealing used ip's. > > 2. Users workstations are mixed Windows and *nixes. Most windows > machines are getting infected with worm from time to time... Some of > them are not so skillful enough to clean their own workstations. Given > an unmanaged ip allocation, it would also be hard to trace which > machines are causing the network congestion. > > 3. Some users with public workstations and testbeds are eating up > bandwidth through file sharing...Still hard to trace this without proper > ip allocation management. If the problem is that users choose occupied ips by accident rather than by bad will, then use dhcp. Windows users and novices will thank you for not having to deal with the configuration and you can say "just plug it in and it works". If you want to make people aware of what it means to be on the network, register their hosts with mac address and have them sign a paper with your AUP. Track changes with arpwatch. Assign a segment of your address space to testbeds, tell people who want to experiment that they choose an ip in that segment. That segment should be blocked or only have access to limited services such as dns, ftp and http. Block all access to port 25 on internet to make sure that mail is sent through your mailserver. Require authentication for smtp. This means that at least you won't spread the viruses that infect the windows clients. Cheers, Erik -- Ph: +34.666334818 web: www.locolomo.org S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72 Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4423AEAB.2050001>