Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 28 Sep 2004 10:19:18 -0700
From:      "Ted Mittelstaedt" <tedm@toybox.placo.com>
To:        "Eric Crist" <ecrist@secure-computing.net>
Cc:        "freebsd-questions@FreeBSD.ORG" <freebsd-questions@freebsd.org>
Subject:   RE: IP address conflicts
Message-ID:  <LOBBIFDAGNMAMLGJJCKNGEGFEPAA.tedm@toybox.placo.com>
In-Reply-To: <984880D8-1153-11D9-94B7-000D9333E43C@secure-computing.net>

next in thread | previous in thread | raw e-mail | index | archive | help


> -----Original Message-----
> From: Eric Crist [mailto:ecrist@secure-computing.net]
> Sent: Tuesday, September 28, 2004 6:38 AM
> To: Ted Mittelstaedt
> Cc: russell; bsdfsse; freebsd-questions@FreeBSD.ORG
> Subject: Re: IP address conflicts
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> For what it's worth, aside from some reconfiguration that could be a
> little time consuming, I would suggest putting the servers on a
> different subnet that everything else.  If all the computers that are
> not servers are supposed to be configured for DHCP, insert a FreeBSD
> box that filters out any addresses outside that subnet.
>
> i.e. Server IP addresses are all 192.168.1.0 thru 192.168.1.50.  Set
> your DHCP server to only assign IP addresses above 192.168.1.75 and up
> or so.  I'm too lazy to do the math right now, but use the appropriate
> subnet mask and filter all the other stuff out.  Aside from those
> students disrupting some of the other users on the network, they can't
> spoof the servers anymore.
>

No, they just spoof the IP address of the router that the servers are
behind, and accomplish exactly the same goal.

It actually makes it easier because instead of multiple servers and multiple
IP numbers the attackers need to spoof, they only now need spoof 1 IP
number -
that of the router the servers are behind.

Ted



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?LOBBIFDAGNMAMLGJJCKNGEGFEPAA.tedm>