Re: How do you keep users from stealing other user's ip??

Mark Jayson Alvarez wrote:
Hi,

Ok here's our problems. Mostly pertaining to tracking down who is this user eating up our bandwidth or who is this user flooding our network.

1. Users when they want to plug a machine to the network... let's say their own testbeds, they will choose whatever ip they want possibly stealing used ip's.

2. Users workstations are mixed Windows and *nixes. Most windows machines are getting infected with worm from time to time... Some of them are not so skillful enough to clean their own workstations. Given an unmanaged ip allocation, it would also be hard to trace which machines are causing the network congestion.

3. Some users with public workstations and testbeds are eating up bandwidth through file sharing...Still hard to trace this without proper ip allocation management.

If the problem is that users choose occupied ips by accident rather than by bad will, then use dhcp. Windows users and novices will thank you for not having to deal with the configuration and you can say "just plug it in and it works".

If you want to make people aware of what it means to be on the network, register their hosts with mac address and have them sign a paper with your AUP. Track changes with arpwatch.

Assign a segment of your address space to testbeds, tell people who want to experiment that they choose an ip in that segment. That segment should be blocked or only have access to limited services such as dns, ftp and http.

Block all access to port 25 on internet to make sure that mail is sent through your mailserver. Require authentication for smtp. This means that at least you won't spread the viruses that infect the windows clients.

Cheers, Erik

--
Ph: +34.666334818 web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: How relevant is "Automatic TCP Window Tuning" in Networking Applications ?
    ... and Bandwidth is the bandwidth of the network. ... For a local network of 100 MBits/sec, a really awful RTT is around 1 ... In normal Windows installations, the default size of the buffers is 8K. ...
    (microsoft.public.win32.programmer.networks)
  • Re: How do you keep users from stealing other users ip??
    ... Mostly pertaining to tracking down who is this user eating up our bandwidth or who is this user flooding our network. ... Some users with public workstations and testbeds are eating up bandwidth through file sharing...Still hard to trace this without proper ip allocation management. ... You can do that with packet filter, ...
    (freebsd-questions)
  • Re: network with bandwidth problems need help please.
    ... i have a network with 2 Server 2000 and 60 ... Windows 2000 and windows XP Pro. ... cameras are over the TCP/IP, so we have a computer setup with LCD monitor ... bandwidth, do i need to purchase a software, I really need help here I ...
    (microsoft.public.security)
  • Auto Update SP2 Download Behavior
    ... I'm a little confused about how BITS and the Windows ... I thought I understood that bandwidth will be detected on ... I just read that it's more like a few machines ... on the network at a time will get it fairly quickly until ...
    (microsoft.public.windowsupdate)
  • Re: PID 1212 slowly maxing out?
    ... Windows 2003 servers, but could it affect Windows XP as well? ... I'm on a home network running on wireless. ... Logical Disk Manager service ...
    (microsoft.public.windowsxp.help_and_support)
Loading