Re: DHCP clients specifying DNS


From: Chris Smith (chris@smu.edu)
Date: Fri Aug 18 2000 - 11:41:02 CDT


Uh, until I get through deployment, it's not useable by others. I would
really need to implement it all in perl and annotate before sending it out
for others to try. But, I'm no perl expert, so that could take a while.

If anyone else REALLY wants to know, I'll send the current, ugly code to
the list.

On 18 Aug 00, at 9:49, Steve Hideg wrote:

> Care to share your perl code?
>
> At 9:12 AM -0500 8/18/00, Chris Smith wrote:
> >Why ping?
> >
> >My approach to detecting and correcting rogues is to run perl every 10
> >minutes that compares the student router's (10-minute aging) arp cache (1
> >snmpwalk) to current leases. Those using a permanent pool address have
> >their cache entry poisoned (ip -> 66:66:66:66:66:66 -> to a down port),
> >unless they were poisoned the last run. This means 10 minutes on the
> >network, 10 off, until they stop using the address. It's now in production
> >and working well.
> >
> >
> >On 17 Aug 00, at 16:29, Jonn Martell wrote:
> >
> >>
> >> That's not really a good way anymore. The crop of new personal firewalls
> >> drop ping packets.
> >>
> >> ..Jonn
> >>
> >> On Thu, 17 Aug 2000, Steve Hideg wrote:
> >>
> >> > Date: Thu, 17 Aug 2000 12:25:12 -0500
> >> > From: Steve Hideg <hideg@saintmarys.edu>
> >> > Reply-To: netreg@southwestern.edu
> >> > To: netreg@southwestern.edu
> >> > Subject: Re: DHCP clients specifying DNS
> >> >
> >> > Yeah, you could ping each address in the unregistered pool that
> >> > doesn't have a lease and find rogues in there. We're using static
> >> > addressing for our resnet with 9 subnets of our class-C network
> >> > allocated to registered machines. I suppose we could ping all
> >> > unregistered addresses, but pinging is a crap-shoot and with 9
> >> > subnets, that's a helluva lot of pinging!
> >> >
> >> > ++Steve
> >> >
> >> >
> >> > At 9:54 AM -0700 8/17/00, Greg wrote:
> >> > >hmm, you raise a good point.
> >> > >
> >> > >we are pretty explicit in the printout instructions for students but i'm
> >> > >sure this will crop up. our students start arriving next week....
> >> > >
> >> > >i have long wanted to write a script which i anticipate calling
> >> > >"squatter"
> >> > >squatter would take as input the dhcpd.leases file and extract all
> >> > >current valid leases.
> >> > >it would then ping the subnets in question and compare the results.
> >> > >it could then alert you if there is someone on an unregistered ip
> >> > >allowing you to call the offending squatter.
> >> > >
> >> > >i'll email the list when i get around to "squatter"
> >> > >
> >> > >greg
> >> > >
> >> > >Steve Hideg wrote:
> >> > >>
> >> > >> Greetings netreggers.
> >> > >>
> >> > >> I found some disturbing behavior in Windows and Macintosh DHCP
> >> > >> clients yesterday. Behavior that can (and has) totally bypass netreg.
> >> > >>
> >> > >> With the Windows 95 client, in the Network control panel on the DNS
> >> > >> Configurations tab, if DNS is enabled and it contains a list of valid
> >> > >> servers, this will override the server specified by the netreg DHCP
> >> > >> server, regardless of the "obtain an IP address automatically"
> >> > >> setting of the client.
> >> > >>
> >> > >> We've observed that the Win 98 client doesn't appear to be so bold,
> >> > >> but we are now instructing all Windows users to disable DNS in the
> >> > >> network control panel.
> >> > >>
> >> > >> The same problem can appear with the TCP/IP control panel on Mac OS.
> >> > >> If the User Level on the control panel is set to anything other than
> >> > >> Basic, you can specify DNS servers in the control panel and they take
> >> > >> precedence over the one(s) specified by the DHCP server. Here, we'll
> >> > >> instruct users to make sure it is set to Basic (we're counting on
> >> > >> this being less of a problem since TCP/IP is usually set to Basic &
> >> > >> DHCP out of the box as of late).
> >> > >>
> >> > >> This problem cropped up (especially on the Windows side) with
> >> > >> returning students who have DNS turned on from being in our ResNet
> >> > >> last year.
> >> > >>
> >> > >> As is always the case, instructing users is far from an adequate
> >> > >> solution, especially when a kid has a father who "knows about
> >> > >> computers" and doesn't bother to read the ResNet instructions we
> >> > >> provide (this has already happened, to one of our RCCs no less).
> >> > >>
> >> > >> Does anybody have any other workaround for this? I can't find
> >> > >> anything about the ISC DHCP server or DHCP in general that would
> >> > >> allow the specifications from the server to override any local
> >> > >> settings.
> >> > >>
> >> > >> This is quite alarming to me since students can easily (and
> >> > >> unknowingly) bypass netreg altogether (and potentially exhaust our
> >> > >> unregistered IP address pool). Is there something sneaky we can do to
> >> > >> lease & renewal times in the unregistered pool perhaps?
> >> > >>
> >> > >> Obviously, the problem of hard-coded addresses still exists, but this
> >> > >> DNS problem is a major loophole.
> >> > >>
> >> > >> Thanks.
> >> > >>
> >> > >> ____________________________________________________________________
> >> > >> Steve Hideg
> >> > >> Technical Support Specialist, Saint Mary's College, Notre Dame IN
> >> > >> <hideg@saintmarys.edu>
> >> > >> ____________________________________________________________________
> >> > >> "There is another system." --Colossus
> >> > >> **********************************************************************
> >> > >> To unsubscribe from this list, send an e-mail message to
> >> > >> majordomo@southwestern.edu containing a single line with the words:
> >> > >> unsubscribe netreg
> >> > >> Send requests for assistance to: owner-netreg@southwestern.edu
> >> > >> **********************************************************************
> >> > >
> >> > >--
> >> > >____________________________________
> >> > > Greg Lawler
> >> > > Network Administrator
> >> > > grinch@westmont.edu 805.565.7249
> >> > > http://zulu.westmont.edu/routers
> >> > >____________________________________
> >> >
> >> >
> >>
> >>
> >
> >
> >---
> >J. Christian Smith * Senior Network Engineer * http://www.smu.edu/smunet
> >Information Technology Services * PHONE:(214)768-2378 * FAX:(214)768-9999
> >Southern Methodist University * 6100 Ownby Drive * Dallas, TX * 75275-0262
>
>

---
J. Christian Smith * Senior Network Engineer  *  http://www.smu.edu/smunet
Information Technology Services  * PHONE:(214)768-2378 * FAX:(214)768-9999
Southern Methodist University * 6100 Ownby Drive * Dallas, TX * 75275-0262
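The lease-versus-ARP comparison that Chris Smith describes above (and the "squatter" script Greg sketched, minus the ping sweep) as an added, stand-alone example. This is not Chris's perl code, which he did not post; it is written in Python here, and it stops at reporting rather than poisoning the router's ARP cache. Everything in it is constructed or assumed: the `dhcpd.leases` excerpt uses ISC dhcpd 3.x syntax (times in UTC), the ARP table is shaped like net-snmp's `snmpwalk` output for `IP-MIB::ipNetToMediaPhysAddress`, and the pool range `10.1.2.0/24` and the router address `10.1.2.1` are placeholders.

```python
"""Compare a router's ARP cache (from snmpwalk) with ISC dhcpd.leases to find squatters.

Added example, not from the netreg list or the ISC dhcpd project. All sample data
below is constructed. A squatter is a host seen on the wire at a pool address
that no active lease accounts for, or whose MAC differs from the lease holder's.
"""
import ipaddress
import re
from datetime import datetime, timezone

# Constructed sample dhcpd.leases excerpt (ISC dhcpd 3.x syntax; lease times are UTC).
SAMPLE_LEASES = """\
lease 10.1.2.50 {
  starts 5 2000/08/18 14:00:00;
  ends 5 2000/08/18 15:00:00;
  binding state active;
  hardware ethernet 00:a0:c9:12:34:56;
  client-hostname "dorm-pc";
}
lease 10.1.2.51 {
  starts 5 2000/08/18 13:00:00;
  ends 5 2000/08/18 14:00:00;
  binding state free;
  hardware ethernet 00:50:56:ab:cd:ef;
}
lease 10.1.2.52 {
  starts 5 2000/08/18 14:05:00;
  ends 5 2000/08/18 15:05:00;
  binding state active;
  hardware ethernet 00:10:4b:aa:bb:cc;
}
"""

# Constructed snmpwalk output for IP-MIB::ipNetToMediaPhysAddress (index is ifIndex.ip).
SAMPLE_ARP = """\
IP-MIB::ipNetToMediaPhysAddress.3.10.1.2.1 = STRING: 0:0:c:7:ac:1
IP-MIB::ipNetToMediaPhysAddress.3.10.1.2.50 = STRING: 0:a0:c9:12:34:56
IP-MIB::ipNetToMediaPhysAddress.3.10.1.2.51 = STRING: 0:50:56:ab:cd:ef
IP-MIB::ipNetToMediaPhysAddress.3.10.1.2.52 = STRING: 0:e0:29:11:22:33
IP-MIB::ipNetToMediaPhysAddress.3.10.1.2.77 = STRING: 0:60:8:de:ad:bf
"""

POOLS = [ipaddress.ip_network("10.1.2.0/24")]  # assumed DHCP pool range(s)
EXEMPT = {"10.1.2.1"}                            # assumed router interface, never a squatter

LEASE_RE = re.compile(r"lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\}", re.S)
ENDS_RE = re.compile(r"ends\s+(never|\d\s+\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2});")
STATE_RE = re.compile(r"binding state\s+(\w+);")
HW_RE = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]+);")
ARP_RE = re.compile(
    r"ipNetToMediaPhysAddress\.\d+\.(\d+\.\d+\.\d+\.\d+)\s*=\s*STRING:\s*([0-9a-fA-F:]+)")


def norm_mac(mac):
    """Zero-pad octets so net-snmp's '0:a0:c9:..' compares equal to dhcpd's '00:a0:c9:..'."""
    return ":".join(o.zfill(2).lower() for o in mac.split(":"))


def parse_utc(stamp):
    """Parse a 'YYYY/MM/DD HH:MM:SS' stamp as UTC (the time zone dhcpd writes leases in)."""
    return datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc)


def active_leases(text, now):
    """Map ip -> mac for leases still valid at `now`.

    dhcpd appends records instead of rewriting them, so the last record for an
    address wins: a later 'free' or expired record cancels an earlier active one.
    A record with no 'binding state' line (dhcpd 2.x files) is judged by 'ends' alone.
    """
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        ends, hw, state = ENDS_RE.search(body), HW_RE.search(body), STATE_RE.search(body)
        if not (ends and hw):
            continue
        expired = ends.group(1) != "never" and parse_utc(ends.group(1).split(" ", 1)[1]) <= now
        if expired or (state and state.group(1) != "active"):
            leases.pop(ip, None)
        else:
            leases[ip] = norm_mac(hw.group(1))
    return leases


def arp_table(text):
    """Map ip -> mac from snmpwalk output of the router's ipNetToMedia (ARP) table."""
    return {ip: norm_mac(mac) for ip, mac in ARP_RE.findall(text)}


def find_squatters(arp, leases, pools=POOLS, exempt=EXEMPT):
    """Return (ip, mac, reason) for pool addresses in use without a matching active lease."""
    findings = []
    for ip, mac in sorted(arp.items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        addr = ipaddress.ip_address(ip)
        if ip in exempt or not any(addr in pool for pool in pools):
            continue
        holder = leases.get(ip)
        if holder is None:
            findings.append((ip, mac, "no active lease"))          # hard-coded address
        elif holder != mac:
            findings.append((ip, mac, f"lease held by {holder}"))  # someone else's lease
    return findings


def run(lease_text=SAMPLE_LEASES, arp_text=SAMPLE_ARP, now="2000/08/18 14:30:00"):
    """One comparison pass; `now` is fixed here so the constructed sample is reproducible."""
    return find_squatters(arp_table(arp_text), active_leases(lease_text, parse_utc(now)))


if __name__ == "__main__":
    for ip, mac, reason in run():
        print(f"{ip:<15} {mac}  {reason}")
```

Run from cron at the ARP cache's aging interval, as the message describes, with `lease_text` read from the live `dhcpd.leases` file and `arp_text` from the `snmpwalk` of the student router; the "lease held by" case is worth reporting separately from "no active lease", since it means a registered lease holder is being displaced by another machine on the same address.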


This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:34 CDT