-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Matthew Seaman Sent: Monday, September 27, 2004 2:22 AM To: Tim Aslat Cc: [EMAIL PROTECTED] Subject: Re: IP address conflicts
On Mon, Sep 27, 2004 at 08:51:47AM +0930, Tim Aslat wrote:
I have an annoying situation in a school I do casual work in their IT department. There are a number of individuals within the system who think it's funny to allocate an IP address on a workstation identical to the network's proxy/web/mail servers. What I'd like to know is, would there be any way of preventing this short of spending quite a lot of money on managed switches an the like?
Well, you could move all of the servers onto a separate network to any of the individual client machines (and make sure that the server network isn't accessible from any of the network ports your clients have access to, clearly). That way, even if one of your pet idiots decides to 'borrow' a server IP address, the network routing means that all they are going to do is hurt themselves.
You must want to HELP the little shits then.
Think of this for a second. Right now he has maybe 4-5 different servers that people are putting the IP numbers on. Once you move all those servers onto a separate subnet, now all the little twits have to do is put the IP number of the gateway router onto their systems, then the entire subnet that ALL the servers are on becomes inaccessible.
It's nice to hear of kids understanding enough of their IT systems to do this sort of thing, and this is what they'll do if they can. But why can the pupils alter their network settings at all? Assuming they have Windows machines, the registries can be tweaked to deny access to network settings and other things that creative minds can play games with. This can be done through their network logins.
Peter.
--
the circle squared
network systems and software
http://www.circlesquared.com _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
