Date: Tue, 28 Sep 2004 11:42:18 +0100 From: Peter Risdon <peter@circlesquared.com> To: Ted Mittelstaedt <tedm@toybox.placo.com> Cc: "freebsd-questions@FreeBSD.ORG" <freebsd-questions@freebsd.org> Subject: Re: IP address conflicts Message-ID: <4159400A.6060308@circlesquared.com> In-Reply-To: <LOBBIFDAGNMAMLGJJCKNCEGCEPAA.tedm@toybox.placo.com> References: <LOBBIFDAGNMAMLGJJCKNCEGCEPAA.tedm@toybox.placo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Ted Mittelstaedt wrote: > >>-----Original Message----- >>From: owner-freebsd-questions@freebsd.org >>[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Matthew Seaman >>Sent: Monday, September 27, 2004 2:22 AM >>To: Tim Aslat >>Cc: freebsd-questions@FreeBSD.ORG >>Subject: Re: IP address conflicts >> >> >>On Mon, Sep 27, 2004 at 08:51:47AM +0930, Tim Aslat wrote: >> >> >>>I have an annoying situation in a school I do casual work in their IT >>>department. There are a number of individuals within the system who >>>think it's funny to allocate an IP address on a workstation identical to >>>the network's proxy/web/mail servers. What I'd like to know is, would >>>there be any way of preventing this short of spending quite a lot of >>>money on managed switches an the like? >> >>Well, you could move all of the servers onto a separate network to any >>of the individual client machines (and make sure that the server >>network isn't accessible from any of the network ports your clients >>have access to, clearly). That way, even if one of your pet idiots >>decides to 'borrow' a server IP address, the network routing means >>that all they are going to do is hurt themselves. >> > > > You must want to HELP the little shits then. > > Think of this for a second. Right now he has maybe 4-5 different servers > that > people are putting the IP numbers on. Once you move all those servers onto > a > separate subnet, now all the little twits have to do is put the IP number of > the gateway router onto their systems, then the entire subnet that ALL the > servers are on becomes inaccessible. It's nice to hear of kids understanding enough of their IT systems to do this sort of thing, and this is what they'll do if they can. But why can the pupils alter their network settings at all? Assuming they have Windows machines, the registries can be tweaked to deny access to network settings and other things that creative minds can play games with. This can be done through their network logins. Peter. -- the circle squared network systems and software http://www.circlesquared.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4159400A.6060308>