From: Steve Hideg (hideg@saintmarys.edu)
Date: Fri Aug 18 2000 - 09:49:22 CDT
Care to share your perl code?
At 9:12 AM -0500 8/18/00, Chris Smith wrote:
>Why ping?
>
>My approach to detecting and correcting rogues is to run perl every 10
>minutes that compares the student router's (10-minute aging) arp cache (1
>snmpwalk) to current leases. Those using a permanent pool address have
>their cache entry poisoned (ip -> 66:66:66:66:66:66 -> to a down port),
>unless they were poisoned the last run. This means 10 minutes on the
>network, 10 off, until they stop using the address. It's now in production
>and working well.
>
>
>On 17 Aug 00, at 16:29, Jonn Martell wrote:
>
>>
>> That's not really a good way anymore. The crop of new personal firewalls
>> drop ping packets.
>>
>> ..Jonn
>>
>> On Thu, 17 Aug 2000, Steve Hideg wrote:
>>
>> > Date: Thu, 17 Aug 2000 12:25:12 -0500
>> > From: Steve Hideg <hideg@saintmarys.edu>
>> > Reply-To: netreg@southwestern.edu
>> > To: netreg@southwestern.edu
>> > Subject: Re: DHCP clients specifying DNS
>> >
>> > Yeah, you could ping each address in the unregistered pool that
>> > doesn't have a lease and find rogues in there. We're using static
>> > addressing for our resnet with 9 subnets of our class-C network
>> > allocated to registered machines. I suppose we could ping all
>> > unregistered addresses, but pinging is a crap-shoot and with 9
>> > subnets, that's a helluva lot of pinging!
>> >
>> > ++Steve
>> >
>> >
>> > At 9:54 AM -0700 8/17/00, Greg wrote:
>> > >hmm, you raise a good point.
>> > >
>> > >we are pretty explicit in the printout instructions for students but i'm
>> > >sure this will crop up. our students start arriving next week....
>> > >
>> > >i have long wanted to write a script which i anticipate calling
>> > >"squatter"
>> > >squatter would take as input the dhcpd.leases file and extract all
>> > >current valid leases.
>> > >it would then ping the subnets in question and compare the results.
>> > >it could then alert you if there is someone on an unregistered ip
>> > >allowing you to call the offending squatter.
>> > >
>> > >i'll email the list when i get around to "squatter"
>> > >
>> > >greg
>> > >
>> > >Steve Hideg wrote:
>> > >>
>> > >> Greetings netreggers.
>> > >>
>> > >> I found some disturbing behavior in Windows and Macintosh DHCP
>> > >> clients yesterday. Behavior that can (and has) totally bypass netreg.
>> > >>
>> > >> With the Windows 95 client, in the Network control panel on the DNS
>> > >> Configurations tab, if DNS is enabled and it contains a list of valid
>> > >> servers, this will override the server specified by the netreg DHCP
>> > >> server, regardless of the "obtain an IP address automatically"
>> > >> setting of the client.
>> > >>
>> > >> We've observed that the Win 98 client doesn't appear to be so bold,
>> > >> but we are now instructing all Windows users to disable DNS in the
>> > >> network control panel.
>> > >>
>> > >> The same problem can appear with the TCP/IP control panel on Mac OS.
>> > >> If the User Level on the control panel is set to anything other than
>> > >> Basic, you can specify DNS servers in the control panel and they take
>> > >> precedence over the one(s) specified by the DHCP server. Here, we'll
>> > >> instruct users to make sure it is set to Basic (we're counting on
>> > >> this being less of a problem since TCP/IP is usually set to Basic &
>> > >> DHCP out of the box as of late).
>> > >>
>> > >> This problem cropped up (especially on the Windows side) with
>> > >> returning students who have DNS turned on from being in our ResNet
>> > >> last year.
>> > >>
>> > >> As is always the case, instructing users is far from an adequate
>> > >> solution, especially when a kid has a father who "knows about
>> > >> computers" and doesn't bother to read the ResNet instructions we
>> > >> provide (this has already happened, to one of our RCCs no less).
>> > >>
>> > >> Does anybody have any other workaround for this? I can't find
>> > >> anything about the ISC DHCP server or DHCP in general that would
>> > >> allow the specifications from the server to override any local
>> > >> settings.
>> > >>
>> > >> This is quite alarming to me since students can easily (and
>> > >> unknowingly) bypass netreg altogether (and potentially exhaust our
>> > >> unregistered IP address pool). Is there something sneaky we can do to
>> > >> lease & renewal times in the unregistered pool perhaps?
>> > >>
>> > >> Obviously, the problem of hard-coded addresses still exists, but this
>> > >> DNS problem is a major loophole.
>> > >>
>> > >> Thanks.
>> > >>
>> > >> ____________________________________________________________________
>> > >> Steve Hideg
>> > >> Technical Support Specialist, Saint Mary's College, Notre Dame IN
>> > >> <hideg@saintmarys.edu>
>> > >> ____________________________________________________________________
>> > >> "There is another system." --Colossus
>> > >> **********************************************************************
>> > >> To unsubscribe from this list, send an e-mail message to
>> > >> majordomo@southwestern.edu containing a single line with the words:
>> > >> unsubscribe netreg
>> > >> Send requests for assistance to: owner-netreg@southwestern.edu
>> > >> **********************************************************************
>> > >
>> > >--
>> > >____________________________________
>> > > Greg Lawler
>> > > Network Administrator
>> > > grinch@westmont.edu 805.565.7249
>> > > http://zulu.westmont.edu/routers
>> > >____________________________________
>> >
>> >
>>
>>
>
>
>---
>J. Christian Smith * Senior Network Engineer * http://www.smu.edu/smunet
>Information Technology Services * PHONE:(214)768-2378 * FAX:(214)768-9999
>Southern Methodist University * 6100 Ownby Drive * Dallas, TX * 75275-0262
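The detection step that Chris Smith and Greg describe above, comparing what the router's ARP cache reports with the DHCP server's active leases, as an added example written for this archive page. It is not Chris's Perl script and not part of the netreg project; the dhcpd.leases excerpt, the snmpwalk output, the pool range `10.1.2.0/24` and the fixed clock `NOW` are all constructed here so the script runs offline. It reports hosts inside the unregistered pool that either hold no active lease (a hard-coded address) or answer with a MAC different from the lease holder's; the ARP-poisoning response from the thread is deliberately left out, this only produces the report.

```python
import re
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed dhcpd.leases excerpt in ISC format (timestamps are UTC).
SAMPLE_LEASES = """\
lease 10.1.2.5 {
  starts 4 2000/08/17 14:00:00;
  ends 4 2000/08/17 16:00:00;
  binding state active;
  hardware ethernet 00:a0:c9:11:22:33;
}
lease 10.1.2.6 {
  starts 4 2000/08/17 10:00:00;
  ends 4 2000/08/17 12:00:00;
  binding state active;
  hardware ethernet 00:a0:c9:44:55:66;
}
lease 10.1.2.7 {
  starts 4 2000/08/17 14:30:00;
  ends 4 2000/08/17 16:30:00;
  binding state active;
  hardware ethernet 00:a0:c9:77:88:99;
}
"""

# Constructed snmpwalk output of IP-MIB::ipNetToMediaPhysAddress on the
# student router; the OID index is <ifIndex>.<ip>, the value is the MAC.
SAMPLE_ARP = """\
IP-MIB::ipNetToMediaPhysAddress.3.10.1.2.5 = STRING: 0:a0:c9:11:22:33
IP-MIB::ipNetToMediaPhysAddress.3.10.1.2.6 = STRING: 0:a0:c9:44:55:66
IP-MIB::ipNetToMediaPhysAddress.3.10.1.2.7 = STRING: 0:a0:c9:de:ad:1
IP-MIB::ipNetToMediaPhysAddress.3.10.1.2.9 = STRING: 0:a0:c9:de:ad:2
IP-MIB::ipNetToMediaPhysAddress.3.10.1.3.4 = STRING: 0:a0:c9:aa:bb:cc
"""

# Assumed address range of the unregistered pool (hypothetical value).
UNREGISTERED_POOL = ip_network("10.1.2.0/24")
# Fixed "current time" so the constructed data evaluates deterministically.
NOW = datetime(2000, 8, 17, 15, 0, 0)

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
ENDS_RE = re.compile(r"\bends\s+(?:\d\s+(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})|(never));")
HW_RE = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]+);")
STATE_RE = re.compile(r"binding state\s+(\w+);")
ARP_RE = re.compile(
    r"ipNetToMediaPhysAddress\.\d+\.(\d+(?:\.\d+){3})\s*=\s*STRING:\s*([0-9a-fA-F:]+)"
)


def normalize_mac(mac):
    """Zero-pad each octet so '0:a0:c9:1:2:3' and '00:a0:c9:01:02:03' compare equal."""
    return ":".join(part.lower().zfill(2) for part in mac.split(":"))


def active_leases(text, now):
    """Return {ip: mac} for leases still valid at `now`.

    dhcpd appends records rather than rewriting them, so a later record for
    the same IP (including an expired or non-active one) overrides an earlier one.
    """
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        hw, ends, state = HW_RE.search(body), ENDS_RE.search(body), STATE_RE.search(body)
        if not hw or not ends:
            continue
        if state and state.group(1) != "active":
            leases.pop(ip, None)
            continue
        if ends.group(2) is None:  # a real timestamp, not "ends never"
            if datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S") <= now:
                leases.pop(ip, None)
                continue
        leases[ip] = normalize_mac(hw.group(1))
    return leases


def parse_arp_walk(text):
    """Return {ip: mac} from snmpwalk output of ipNetToMediaPhysAddress."""
    return {ip: normalize_mac(mac) for ip, mac in ARP_RE.findall(text)}


def find_squatters(arp, leases, pool):
    """Hosts the router sees inside `pool` that no active lease accounts for."""
    hits = []
    for ip, mac in arp.items():
        if ip_address(ip) not in pool:
            continue  # other subnets are not this script's concern
        if ip not in leases:
            hits.append((ip, mac, "no active lease"))
        elif leases[ip] != mac:
            hits.append((ip, mac, "mac mismatch"))
    return sorted(hits, key=lambda h: ip_address(h[0]))


def demo():
    """Run the comparison over the constructed sample data."""
    return find_squatters(parse_arp_walk(SAMPLE_ARP),
                          active_leases(SAMPLE_LEASES, NOW),
                          UNREGISTERED_POOL)


if __name__ == "__main__":
    for ip, mac, reason in demo():
        print(f"{ip:<15} {mac}  {reason}")
```

On the sample data the report lists 10.1.2.6 (lease expired three hours earlier), 10.1.2.7 (lease held by a different MAC) and 10.1.2.9 (never leased), while 10.1.3.4 is skipped as outside the pool. Run against live data, the ARP text would come from `snmpwalk` on the router and the leases text from the server's dhcpd.leases; the router's ARP aging time bounds how long a host stays visible after it goes quiet, which is why the thread pairs a 10-minute aging timer with a 10-minute run interval.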
This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:34 CDT