Re: DHCP clients specifying DNS


From: Jonn Martell (martell@ucs.ubc.ca)
Date: Thu Aug 17 2000 - 18:29:46 CDT


That's not really a good way anymore. The crop of new personal firewalls
drop ping packets.

 ..Jonn

On Thu, 17 Aug 2000, Steve Hideg wrote:

> Date: Thu, 17 Aug 2000 12:25:12 -0500
> From: Steve Hideg <hideg@saintmarys.edu>
> Reply-To: netreg@southwestern.edu
> To: netreg@southwestern.edu
> Subject: Re: DHCP clients specifying DNS
>
> Yeah, you could ping each address in the unregistered pool that
> doesn't have a lease and find rogues in there. We're using static
> addressing for our resnet with 9 subnets of our class-C network
> allocated to registered machines. I suppose we could ping all
> unregistered addresses, but pinging is a crap-shoot and with 9
> subnets, that's a helluva lot of pinging!
>
> ++Steve
>
>
> At 9:54 AM -0700 8/17/00, Greg wrote:
> >hmm, you raise a good point.
> >
> >we are pretty explicit in the printout instructions for students but i'm
> >sure this will crop up. our students start arriving next week....
> >
> >i have long wanted to write a script which i anticipate calling
> >"squatter"
> >squatter would take as input the dhcpd.leases file and extract all
> >current valid leases.
> >it would then ping the subnets in question and compare the results.
> >it could then alert you if there is someone on an unregistered ip
> >allowing you to call the offending squatter.
> >
> >i'll email the list when i get around to "squatter"
> >
> >greg
> >
> >Steve Hideg wrote:
> >>
> >> Greetings netreggers.
> >>
> >> I found some disturbing behavior in Windows and Macintosh DHCP
> >> clients yesterday. Behavior that can (and has) totally bypass netreg.
> >>
> >> With the Windows 95 client, in the Network control panel on the DNS
> >> Configurations tab, if DNS is enabled and it contains a list of valid
> >> servers, this will override the server specified by the netreg DHCP
> >> server, regardless of the "obtain an IP address automatically"
> >> setting of the client.
> >>
> >> We've observed that the Win 98 client doesn't appear to be so bold,
> >> but we are now instructing all Windows users to disable DNS in the
> >> network control panel.
> >>
> >> The same problem can appear with the TCP/IP control panel on Mac OS.
> >> If the User Level on the control panel is set to anything other than
> >> Basic, you can specify DNS servers in the control panel and they take
> >> precedence over the one(s) specified by the DHCP server. Here, we'll
> >> instruct users to make sure it is set to Basic (we're counting on
> >> this being less of a problem since TCP/IP is usually set to Basic &
> >> DHCP out of the box as of late).
> >>
> >> This problem cropped up (especially on the Windows side) with
> >> returning students who have DNS turned on from being in our ResNet
> >> last year.
> >>
> >> As is always the case, instructing users is far from an adequate
> >> solution, especially when a kid has a father who "knows about
> >> computers" and doesn't bother to read the ResNet instructions we
> >> provide (this has already happened, to one of our RCCs no less).
> >>
> >> Does anybody have any other workaround for this? I can't find
> >> anything about the ISC DHCP server or DHCP in general that would
> >> allow the specifications from the server to override any local
> >> settings.
> >>
> >> This is quite alarming to me since students can easily (and
> >> unknowingly) bypass netreg altogether (and potentially exhaust our
> >> unregistered IP address pool). Is there something sneaky we can do to
> >> lease & renewal times in the unregistered pool perhaps?
> >>
> >> Obviously, the problem of hard-coded addresses still exists, but this
> >> DNS problem is a major loophole.
> >>
> >> Thanks.
> >>
> >> ____________________________________________________________________
> >> Steve Hideg
> >> Technical Support Specialist, Saint Mary's College, Notre Dame IN
> >> <hideg@saintmarys.edu>
> >> ____________________________________________________________________
> >> "There is another system." --Colossus
> >> **********************************************************************
> >> To unsubscribe from this list, send an e-mail message to
> >> majordomo@southwestern.edu containing a single line with the words:
> >> unsubscribe netreg
> >> Send requests for assistance to: owner-netreg@southwestern.edu
> >> **********************************************************************
> >
> >--
> >____________________________________
> > Greg Lawler
> > Network Administrator
> > grinch@westmont.edu 805.565.7249
> > http://zulu.westmont.edu/routers
> >____________________________________
>
>

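Greg's "squatter" sketch above (parse dhcpd.leases, sweep the subnets, flag addresses in use without a lease) is worked through here as an added example that is not from the list or any of its posters. Because, as Jonn notes, personal firewalls drop ping, the sweep is replaced with a constructed ARP-table snapshot, which any host that talks on the wire populates; the lease file, the ARP text, the pool and the gateway exclusion are all constructed sample data.

```python
import re
import ipaddress
from datetime import datetime, timezone

# Constructed sample in ISC dhcpd.leases syntax (timestamps are UTC). The file is
# append-only, so the last block written for an address is its current state.
SAMPLE_LEASES = """\
lease 10.1.1.10 {
  starts 4 2000/08/17 17:00:00;
  ends 4 2000/08/17 21:00:00;
  hardware ethernet 00:a0:c9:11:22:33;
}
lease 10.1.1.20 {
  starts 4 2000/08/17 10:00:00;
  ends 4 2000/08/17 12:00:00;
  hardware ethernet 00:a0:c9:44:55:66;
}
"""
# Constructed ARP-table snapshot ('arp -an' style). ARP resolution happens even
# when a personal firewall drops ICMP echo, so it replaces the ping sweep here.
SAMPLE_ARP = """\
? (10.1.1.1) at 00:00:0c:07:ac:01 on fxp0
? (10.1.1.10) at 00:a0:c9:11:22:33 on fxp0
? (10.1.1.20) at 00:a0:c9:44:55:66 on fxp0
? (10.1.1.33) at 00:50:56:aa:bb:cc on fxp0
? (10.2.2.5) at 00:50:56:dd:ee:ff on fxp1
"""

LEASE_RE = re.compile(r"lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\}", re.S)
TIME_RE = re.compile(r"\b(starts|ends)\s+\d\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);")
ARP_RE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-f:]{17})")

def active_leases(leases_text, now):
    """Addresses whose most recent, non-abandoned lease block covers 'now'."""
    current = {}
    for ip, body in LEASE_RE.findall(leases_text):
        times = {k: datetime.strptime(v, "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc)
                 for k, v in TIME_RE.findall(body)}
        current[ip] = None if "abandoned;" in body else times  # last block wins
    # A missing 'ends' timestamp corresponds to 'ends never;' (a permanent lease).
    return {ip for ip, t in current.items() if t is not None
            and t.get("starts", now) <= now < t.get("ends", datetime.max.replace(tzinfo=timezone.utc))}

def find_squatters(leases_text, arp_text, pools, exclude, now):
    """Hosts seen on the wire inside the DHCP pools that hold no valid lease."""
    nets = [ipaddress.ip_network(p) for p in pools]
    leased = active_leases(leases_text, now)
    return {ip: mac for ip, mac in ARP_RE.findall(arp_text)
            if any(ipaddress.ip_address(ip) in n for n in nets)
            and ip not in leased and ip not in exclude}
```

With the sample data, 10.1.1.20 (lease expired but still talking) and 10.1.1.33 (never leased) are reported; the gateway and the host outside the pool are not.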



This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:34 CDT