Re: DHCP clients specifying DNS

From: Greg (glawler@westmont.edu)
Date: Thu Aug 17 2000 - 11:54:36 CDT


hmm, you raise a good point.

we are pretty explicit in the printout instructions for students but i'm
sure this will crop up. our students start arriving next week....

i have long wanted to write a script which i anticipate calling
"squatter"
squatter would take as input the dhcpd.leases file and extract all
current valid leases.
it would then ping the subnets in question and compare the results.
it could then alert you if there is someone on an unregistered ip
allowing you to call the offending squatter.

i'll email the list when i get around to "squatter"

greg

Steve Hideg wrote:
>
> Greetings netreggers.
>
> I found some disturbing behavior in Windows and Macintosh DHCP
> clients yesterday. Behavior that can (and has) totally bypass netreg.
>
> With the Windows 95 client, in the Network control panel on the DNS
> Configurations tab, if DNS is enabled and it contains a list of valid
> servers, this will override the server specified by the netreg DHCP
> server, regardless of the "obtain an IP address automatically"
> setting of the client.
>
> We've observed that the Win 98 client doesn't appear to be so bold,
> but we are now instructing all Windows users to disable DNS in the
> network control panel.
>
> The same problem can appear with the TCP/IP control panel on Mac OS.
> If the User Level on the control panel is set to anything other than
> Basic, you can specify DNS servers in the control panel and they take
> precedence over the one(s) specified by the DHCP server. Here, we'll
> instruct users to make sure it is set to Basic (we're counting on
> this being less of a problem since TCP/IP is usually set to Basic &
> DHCP out of the box as of late).
>
> This problem cropped up (especially on the Windows side) with
> returning students who have DNS turned on from being in our ResNet
> last year.
>
> As is always the case, instructing users is far from an adequate
> solution, especially when a kid has a father who "knows about
> computers" and doesn't bother to read the ResNet instructions we
> provide (this has already happened, to one of our RCCs no less).
>
> Does anybody have any other workaround for this? I can't find
> anything about the ISC DHCP server or DHCP in general that would
> allow the specifications from the server to override any local
> settings.
>
> This is quite alarming to me since students can easily (and
> unknowingly) bypass netreg altogether (and potentially exhaust our
> unregistered IP address pool). Is there something sneaky we can do to
> lease & renewal times in the unregistered pool perhaps?
>
> Obviously, the problem of hard-coded addresses still exists, but this
> DNS problem is a major loophole.
>
> Thanks.
>
> ____________________________________________________________________
> Steve Hideg
> Technical Support Specialist, Saint Mary's College, Notre Dame IN
> <hideg@saintmarys.edu>
> ____________________________________________________________________
> "There is another system." --Colossus
> **********************************************************************
> To unsubscribe from this list, send an e-mail message to
> majordomo@southwestern.edu containing a single line with the words:
> unsubscribe netreg
> Send requests for assistance to: owner-netreg@southwestern.edu
> **********************************************************************

-- 
____________________________________
             Greg Lawler
        Network Administrator
  grinch@westmont.edu 805.565.7249
  http://zulu.westmont.edu/routers
____________________________________
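
A sketch of the "squatter" idea described in the message above, added here as an example (it is not Greg's script and not part of NetReg): parse dhcpd.leases, keep only the leases that are currently valid, and report hosts that answer a sweep without holding one. The function names, the `static_ips` allow-list, the Linux `ping` flags and the constructed sample data are assumptions, as is the default ISC lease format with UTC `ends` dates and no nested braces.

```python
import ipaddress, re, subprocess
from datetime import datetime, timezone

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
ENDS_RE = re.compile(r"\bends\s+(?:never|\d+\s+(\S+\s+\S+?));")
STATE_RE = re.compile(r"(?:^|[;{])\s*binding state\s+(\w+);", re.M)

# Constructed sample: .20 expired then re-leased, .21 valid, .22 expired.
SAMPLE_LEASES = """
lease 10.0.5.20 { starts 4 2000/08/17 15:00:00; ends 4 2000/08/17 15:30:00; }
lease 10.0.5.21 { starts 4 2000/08/17 16:00:00; ends 4 2000/08/17 20:00:00; }
lease 10.0.5.20 { starts 4 2000/08/17 16:30:00; ends 4 2000/08/17 20:30:00; }
lease 10.0.5.22 { starts 4 2000/08/17 10:00:00; ends 4 2000/08/17 12:00:00; }
"""

def active_leases(text, now):
    """IPs whose most recent lease entry is still valid at `now` (UTC)."""
    latest = {}
    for ip, body in LEASE_RE.findall(text):
        latest[ip] = body                  # append-only log: last entry wins
    active = set()
    for ip, body in latest.items():
        ends, state = ENDS_RE.search(body), STATE_RE.search(body)
        if not ends or (state and state.group(1) != "active"):
            continue                       # no end time, or free/expired/abandoned
        if ends.group(1):                  # None means "ends never"
            end = datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S")
            if end.replace(tzinfo=timezone.utc) <= now:
                continue
        active.add(ip)
    return active

def ping_sweep(subnet):
    """Hosts answering one ICMP echo (Linux iputils flags; assumption)."""
    up = set()
    for host in map(str, ipaddress.ip_network(subnet).hosts()):
        cmd = ["ping", "-c", "1", "-W", "1", host]
        if subprocess.run(cmd, capture_output=True).returncode == 0:
            up.add(host)
    return up

def find_squatters(leases_text, responders, subnet, static_ips=(), now=None):
    """Responders inside `subnet` with neither a valid lease nor a static entry."""
    net = ipaddress.ip_network(subnet)
    allowed = active_leases(leases_text, now or datetime.now(timezone.utc))
    allowed |= set(static_ips)
    hits = [ip for ip in responders
            if ipaddress.ip_address(ip) in net and ip not in allowed]
    return sorted(hits, key=ipaddress.ip_address)
```

Hosts that drop ICMP echo will not show up in `ping_sweep`, so an empty result does not prove the subnet is clean.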

This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:34 CDT