From owner-freebsd-questions@FreeBSD.ORG  Tue Sep 28 13:40:10 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 96B9F16A4CE
	for <freebsd-questions@freebsd.org>;
	Tue, 28 Sep 2004 13:40:10 +0000 (GMT)
Received: from grog.secure-computing.net (grog.secure-computing.net
	[63.228.14.241])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1F23243D48
	for <freebsd-questions@freebsd.org>;
	Tue, 28 Sep 2004 13:40:10 +0000 (GMT)
	(envelope-from ecrist@secure-computing.net)
Received: from [67.1.199.77] (0-1pool199-77.nas2.fargo1.nd.us.da.qwest.net
	[67.1.199.77])	(authenticated bits=0)i8SDd8S4045722;
	Tue, 28 Sep 2004 08:39:53 -0500 (CDT)
	(envelope-from ecrist@secure-computing.net)
In-Reply-To: <LOBBIFDAGNMAMLGJJCKNCEGEEPAA.tedm@toybox.placo.com>
References: <LOBBIFDAGNMAMLGJJCKNCEGEEPAA.tedm@toybox.placo.com>
Mime-Version: 1.0 (Apple Message framework v619)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <984880D8-1153-11D9-94B7-000D9333E43C@secure-computing.net>
Content-Transfer-Encoding: 7bit
From: Eric Crist <ecrist@secure-computing.net>
Date: Tue, 28 Sep 2004 08:37:51 -0500
To: "Ted Mittelstaedt" <tedm@toybox.placo.com>
X-Pgp-Agent: GPGMail 1.0.2
X-Mailer: Apple Mail (2.619)
X-Virus-Scanned: clamd / ClamAV version 0.74, clamav-milter version 0.74a
	on grog.secure-computing.net
X-Virus-Status: Clean
cc: bsdfsse <bsdfsse@optonline.net>
cc: russell <russm-freebsd-questions@slofith.org>
cc: "freebsd-questions@FreeBSD.ORG" <freebsd-questions@freebsd.org>
Subject: Re: IP address conflicts
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Sep 2004 13:40:10 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For what it's worth, aside from some reconfiguration that could be a 
little time consuming, I would suggest putting the servers on a 
different subnet that everything else.  If all the computers that are 
not servers are supposed to be configured for DHCP, insert a FreeBSD 
box that filters out any addresses outside that subnet.

i.e. Server IP addresses are all 192.168.1.0 thru 192.168.1.50.  Set 
your DHCP server to only assign IP addresses above 192.168.1.75 and up 
or so.  I'm too lazy to do the math right now, but use the appropriate 
subnet mask and filter all the other stuff out.  Aside from those 
students disrupting some of the other users on the network, they can't 
spoof the servers anymore.

Just my $.02.

- -----
Eric F Crist
Secure Computing Networks
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iEYEARECAAYFAkFZaTAACgkQRAAY9knOW+qSsACghfRW0BGQg5Rq9tShVcTbcxzY
C1IAn3FEjWy1BS4ROedTsC3MKIJehoOm
=8XMh
-----END PGP SIGNATURE-----