Re: DHCP clients specifying DNS


From: Steve Hideg (hideg@saintmarys.edu)
Date: Thu Aug 17 2000 - 12:25:12 CDT


Yeah, you could ping each address in the unregistered pool that
doesn't have a lease and find rogues in there. We're using static
addressing for our resnet with 9 subnets of our class-C network
allocated to registered machines. I suppose we could ping all
unregistered addresses, but pinging is a crap-shoot and with 9
subnets, that's a helluva lot of pinging!

++Steve

At 9:54 AM -0700 8/17/00, Greg wrote:
>hmm, you raise a good point.
>
>we are pretty explicit in the printout instructions for students but i'm
>sure this will crop up. our students start arriving next week....
>
>i have long wanted to write a script which i anticipate calling
>"squatter"
>squatter would take as input the dhcpd.leases file and extract all
>current valid leases.
>it would then ping the subnets in question and compare the results.
>it could then alert you if there is someone on an unregistered ip
>allowing you to call the offending squatter.
>
>i'll email the list when i get around to "squatter"
>
>greg
>
>Steve Hideg wrote:
>>
>> Greetings netreggers.
>>
>> I found some disturbing behavior in Windows and Macintosh DHCP
>> clients yesterday. Behavior that can (and has) totally bypass netreg.
>>
>> With the Windows 95 client, in the Network control panel on the DNS
>> Configurations tab, if DNS is enabled and it contains a list of valid
>> servers, this will override the server specified by the netreg DHCP
>> server, regardless of the "obtain an IP address automatically"
>> setting of the client.
>>
>> We've observed that the Win 98 client doesn't appear to be so bold,
>> but we are now instructing all Windows users to disable DNS in the
>> network control panel.
>>
>> The same problem can appear with the TCP/IP control panel on Mac OS.
>> If the User Level on the control panel is set to anything other than
>> Basic, you can specify DNS servers in the control panel and they take
>> precedence over the one(s) specified by the DHCP server. Here, we'll
>> instruct users to make sure it is set to Basic (we're counting on
>> this being less of a problem since TCP/IP is usually set to Basic &
>> DHCP out of the box as of late).
>>
>> This problem cropped up (especially on the Windows side) with
>> returning students who have DNS turned on from being in our ResNet
>> last year.
>>
>> As is always the case, instructing users is far from an adequate
>> solution, especially when a kid has a father who "knows about
>> computers" and doesn't bother to read the ResNet instructions we
>> provide (this has already happened, to one of our RCCs no less).
>>
>> Does anybody have any other workaround for this? I can't find
>> anything about the ISC DHCP server or DHCP in general that would
>> allow the specifications from the server to override any local
>> settings.
>>
>> This is quite alarming to me since students can easily (and
>> unknowingly) bypass netreg altogether (and potentially exhaust our
>> unregistered IP address pool). Is there something sneaky we can do to
>> lease & renewal times in the unregistered pool perhaps?
>>
>> Obviously, the problem of hard-coded addresses still exists, but this
>> DNS problem is a major loophole.
>>
>> Thanks.
>>
>> ____________________________________________________________________
>> Steve Hideg
>> Technical Support Specialist, Saint Mary's College, Notre Dame IN
>> <hideg@saintmarys.edu>
>> ____________________________________________________________________
>> "There is another system." --Colossus
>> **********************************************************************
>> To unsubscribe from this list, send an e-mail message to
>> majordomo@southwestern.edu containing a single line with the words:
>> unsubscribe netreg
>> Send requests for assistance to: owner-netreg@southwestern.edu
>> **********************************************************************
>
>--
>____________________________________
> Greg Lawler
> Network Administrator
> grinch@westmont.edu 805.565.7249
> http://zulu.westmont.edu/routers
>____________________________________

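The lease-versus-ping comparison discussed in this thread, as an added example (not code from either poster or from netreg): it reads ISC `dhcpd.leases` text, keeps the newest entry per address, and reports pool addresses that answered a sweep without a valid lease. The sweep results are passed in as a list; the function names, the 192.0.2.0/24 pool and the sample data are constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime, timezone

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
ENDS_RE = re.compile(r"ends\s+(never|\d\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d))\s*;")

def active_leases(text, now):
    """Return the set of IPs whose newest lease entry is still valid at `now`."""
    newest = {}  # dhcpd.leases is an append-only log: the last entry per IP wins
    for ip, body in LEASE_RE.findall(text):
        m = ENDS_RE.search(body)
        if m is None:
            newest[ip] = None  # no usable end time: treat as not valid
        elif m.group(1) == "never":
            newest[ip] = datetime.max.replace(tzinfo=timezone.utc)
        else:  # lease times in the file are written in UTC
            newest[ip] = datetime.strptime(
                m.group(2), "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {ip for ip, ends in newest.items() if ends is not None and ends > now}

def squatters(leases_text, responders, pool, now):
    """Addresses inside `pool` that answered the sweep but hold no valid lease."""
    net = ipaddress.ip_network(pool)
    leased = {ipaddress.ip_address(ip) for ip in active_leases(leases_text, now)}
    live = {ipaddress.ip_address(r) for r in responders}
    return [str(a) for a in sorted(live) if a in net and a not in leased]

# Constructed sample data (documentation address ranges, not from the thread).
SAMPLE_LEASES = """\
lease 192.0.2.10 {
  ends 4 2000/08/17 20:00:00;
  hardware ethernet 00:00:5e:00:53:10;
}
lease 192.0.2.11 {
  ends 4 2000/08/17 12:00:00;
}
lease 192.0.2.12 {
  ends 4 2000/08/17 21:00:00;
}
lease 192.0.2.12 {
  ends 4 2000/08/17 16:00:00;
}
"""
SAMPLE_RESPONDERS = ["192.0.2.10", "192.0.2.11", "192.0.2.40", "198.51.100.5"]
NOW = datetime(2000, 8, 17, 17, 30, tzinfo=timezone.utc)

if __name__ == "__main__":
    for addr in squatters(SAMPLE_LEASES, SAMPLE_RESPONDERS, "192.0.2.0/24", NOW):
        print("no valid lease:", addr)
```

A host that does not answer ping never appears in the responder list, so an empty result does not prove the pool is clean.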



This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:34 CDT