IP address conflicts

Ted Mittelstaedt tedm at toybox.placo.com
Sat Oct 2 23:11:15 PDT 2004



> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Bart
> Silverstrim
> Sent: Saturday, October 02, 2004 12:37 PM
> To: <freebsd-questions at freebsd.org> <freebsd-questions at freebsd.org>
> Subject: Re: IP address conflicts
> 
> 
> 
> On Oct 2, 2004, at 2:27 PM, Ted Mittelstaedt wrote:
> > The problem is that if the attacker has a modicum of intelligence they
> > will have done this to someone else's system.
> 
> Yet you say this is taking place in colleges... :-)
> 

ROTFL

> > This is a college.  For example, someone in a dorm room just surfing
> > the web gets up to take a piss.  As soon as they walk out the door and
> > go down the hall, some joker down the hall runs into their room and in
> > a few seconds changes the IP number of their PC to that of the
> > mailserver then runs out.
> > Bullshit like this happens all the time.
> 
> Funny how just yesterday there was some slash story about users not 
> being careful with security.  On my systems this wouldn't be effective.  
> Screen saver is hot cornered and password protected.  In the school 
> office, control-alt-del->k.  When I was in college, there was this 
> thing where your "friends" would steal your mattress...mattress police. 
> They would hide it somewhere on campus.  Never happened to my roommate 
> and me, because we carried our keys with us and locked the bedroom when 
> we weren't there (or in the living room connected to the hallway); no 
> reason to leave the door open if we weren't there, and our "community 
> belongings" were already outside of that room for the other roommates 
> and friends to use.
> 

Yup.  This is self-defense in any college setting, there are too many
juveniles around.

> We try to have a policy where I work where if your account is used to 
> do something against the rules, like browse porn, you must have given 
> that person your account password or you left your account logged in 
> and walked away.  There's no way to prove who the body was sitting at 
> that console, so it is assumed to be you.  You get in trouble for it.

We try to have a policy where I work of what you call common courtesy.
That is, the stuff on someone's desk is their property and if you have
to touch it, you don't damage it.

Every once in a while we run across someone who doesn't understand this.
They get away with it for a while, but sooner or later we reach out and
fire them.  Apparently, they all go to work at your place.
  
> You allowed it, you were irresponsible, and you're going to get hassled 
> for it until you learn to take responsibility for your belongings 
> (including your identity) within reason.  It is not unreasonable to 
> expect people to not give their passwords out and to log off of a 
> console when they're done using it.
> 

I think the double negatives there are a bit too much for most people.

It is unreasonable to expect people to have to act like they are in
kindergarten when they are in the middle of a network room that has a
sum total of 20 people who can access it, all of whom are paid more than
50K a year.

Naturally, if you're working with a system in an insecure area, you 
follow secure procedures.  For example, if you're at a customer site
you assume that their machine is infected with a key logger, and
don't touch anything at the mothership that isn't password-aged
regularly.  Same goes if you're traveling and using something like
an Internet kiosk.

But people should not have to be looking over their shoulders 
where they live, eat, sleep.  This is a college, not a kindergarten.

Your logic is of the variety of "well, the security scanners at the
airports didn't do what they were supposed to be doing, so we
deserved to have the WTC collapsed".  In other words, it only appears
on the surface to be reasonable, and that is because the problems
don't involve people dying.  But it is fatally flawed.  If the
world really operated like you seem to think, it would be anarchy.

> Your reactions are your policies and your rules; if they work for you, 
> that's all and good.  If students continue to play stupid and allow 
> things like this to happen to their computers, then so be it.  Or you 
> can nail them a couple times and have them wise up for it.

Much, much better to nail up the actual criminals not the victims.

> 
> > The only solution is to use managed switches with a modicum of
> > intelligence to where you can build a MAC filter that disallows packets
> > that originate from the end users that have the same MAC as the
> > mailserver, (to block spoofers) and that allows you to dump the
> > internal MAC table.
> 
> This is a good infrastructure to the network change and it would also 
> solve the problem.  I thought he was having money troubles and needed a 
> quick solution to try solving the problem, while this solution would be 
> done in the future once funds are released and time can be allocated to 
> switch things over.  It sounded like his network was somewhat in 
> shambles at the moment.
> 

He is having money troubles.  However, just because he is having money
troubles does not change one iota what the only solution really is.

Sure, he's going to try to half-ass it, he probably will try dropping
some more managed devices into the areas like the dorms that are likely
to have the biggest troublemakers.  If the people he is dealing with
really are morons, and he is lucky and catches a few of them right
away and gets them shot at dawn, it might put enough of a damper on
the fun to cow the rest of the script kiddies.

But I warned him that he is taking a huge risk here - if he really
pisses off someone that is knowledgeable, then he's going to be
royally screwed.  5 minutes with a packet sniffer will tell someone if
they are on a switch or a dumb hub, and as long as he's got any
dumb hubs on the network at all, he's taking a huge risk.  And breaking
into insecure Windows systems - and they've got at least 2000 of those to
try - is like shooting fish in a barrel.

But, it really is like pissing into a fan to try to tell any of these
academic types this sort of thing.  All of them are so fragging hung
up on the cost end that they will happily chop their fingers off
to save a nickel - unless that is, they are buying new football jerseys
for the football team, or other sacred cow.

Ted
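The managed-switch fix quoted earlier in this message (a filter that drops frames carrying the mailserver's MAC from end-user ports, plus the ability to dump the switch's MAC table) has a detection side that costs nothing beyond data the network already produces. The script below is an added example written for this page, not code from the original thread or from any FreeBSD project: it reads a switch MAC address table and a sniffer's ARP output and flags both symptoms of the dorm-room hijack, the server's MAC being learned on a port other than its own, and one IP being claimed by more than one MAC. The server's IP, MAC and port, the Cisco-style table layout, and the tcpdump-style ARP lines are all constructed for the example and are assumptions, not facts from the post.

```python
"""Added example (not from the original thread): detect the IP hijack the
message describes from two sources a campus network already has.

1. A managed switch's MAC address table: the mail server's MAC should only
   be learned on the server's own port; seeing it elsewhere means a PC is
   spoofing (or has cloned) that MAC.
2. ARP traffic seen by a sniffer: two MACs claiming one IP is the conflict.

Assumptions, all constructed here and not taken from the post:
  * MAC-table lines follow the Cisco IOS "show mac address-table" layout
    "<vlan>  <xxxx.xxxx.xxxx>  <type>  <port>".
  * ARP lines follow "tcpdump -e -n arp": the frame source MAC is the first
    token and replies read "Reply <ip> is-at <mac>".
  * The server inventory (IP, MAC, uplink port) below is made up.
"""
import re
from collections import defaultdict

SERVER_IP = "10.1.1.25"            # constructed inventory
SERVER_MAC = "00:0c:29:aa:bb:cc"   # constructed inventory
SERVER_PORT = "Gi1/0/48"           # constructed: the server's uplink port

# Constructed switch output: the server MAC also appears on Fa0/7, a dorm port.
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    000c.29aa.bbcc    DYNAMIC     Gi1/0/48
  10    000c.29aa.bbcc    DYNAMIC     Fa0/7
  10    0011.22dd.eeff    DYNAMIC     Fa0/3
Total Mac Addresses for this criterion: 3
"""

# Constructed sniffer output: a second host answers for the server's IP.
ARP_LOG = """\
00:11:22:dd:ee:ff > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.1.1.25 tell 10.1.1.77, length 28
00:0c:29:aa:bb:cc > 00:11:22:dd:ee:ff, ethertype ARP (0x0806), length 42: Reply 10.1.1.25 is-at 00:0c:29:aa:bb:cc, length 28
00:aa:bb:cc:dd:01 > 00:11:22:dd:ee:ff, ethertype ARP (0x0806), length 42: Reply 10.1.1.25 is-at 00:aa:bb:cc:dd:01, length 28
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
MAC_TABLE_RE = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(\S+)\s*$", re.I)
FRAME_SRC_RE = re.compile(r"^([0-9a-f:]{17}) > ", re.I)
ARP_REPLY_RE = re.compile(rf"Reply ({IPV4}) is-at ([0-9a-f:]{{17}})", re.I)
ARP_REQUEST_RE = re.compile(rf"Request who-has {IPV4} tell ({IPV4})")


def normalize_mac(text):
    """Turn 000c.29aa.bbcc / 00-0C-29-AA-BB-CC / 00:0c:... into 00:0c:29:aa:bb:cc."""
    digits = re.sub(r"[^0-9a-fA-F]", "", text).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_mac_table(text):
    """Yield (vlan, mac, port) per learned-address line; headers/footers skip."""
    for line in text.splitlines():
        m = MAC_TABLE_RE.match(line)
        if m:
            yield int(m.group(1)), normalize_mac(m.group(2)), m.group(3)


def find_mac_spoofers(table_text, server_mac, server_port):
    """Ports other than the server's own on which the server's MAC was learned."""
    want = normalize_mac(server_mac)
    return sorted({port for _vlan, mac, port in parse_mac_table(table_text)
                   if mac == want and port != server_port})


def parse_arp_claims(text):
    """Yield (ip, mac) for every IP-to-MAC binding a frame asserts.

    A reply asserts its 'is-at' binding; a request asserts that the 'tell'
    IP belongs to the frame's source MAC.  Hosts cache both, so both can be
    forged.
    """
    for line in text.splitlines():
        src = FRAME_SRC_RE.match(line)
        if not src:
            continue
        reply = ARP_REPLY_RE.search(line)
        if reply:
            yield reply.group(1), normalize_mac(reply.group(2))
            continue
        request = ARP_REQUEST_RE.search(line)
        if request:
            yield request.group(1), normalize_mac(src.group(1))


def find_ip_conflicts(arp_text):
    """Map each IP claimed by more than one MAC to the sorted list of MACs."""
    claims = defaultdict(set)
    for ip, mac in parse_arp_claims(arp_text):
        claims[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


def report(table_text=MAC_TABLE, arp_text=ARP_LOG):
    """Run both checks and return human-readable findings."""
    findings = []
    for port in find_mac_spoofers(table_text, SERVER_MAC, SERVER_PORT):
        findings.append(f"server MAC {SERVER_MAC} learned on {port}, expected only {SERVER_PORT}")
    for ip, macs in find_ip_conflicts(arp_text).items():
        findings.append(f"IP {ip} claimed by {len(macs)} MACs: {', '.join(macs)}")
    return findings


if __name__ == "__main__":
    for finding in report():
        print("ALERT:", finding)
```

The MAC-table check only exists where there is a managed switch to dump a table from; on the dumb hubs the message warns about there is no table, but the ARP check still works from any host on that segment, since a hub shows every frame to every port. Neither check enforces anything: they tell you which port to shut down, while the actual blocking is the per-port MAC filter or port-security rule on the switch that the quoted paragraph calls for.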

