Hardcoding Issues

Hello everyone. I am a college student, and at the college I go to,
we receive our internet connection thought the Local Area Network.
Our LAN uses DHCP to assign IP addresses. The DHCP server only
assigns IP addresses to peoples who have their MAC address registered
with the system admin and entered into this database. Of the late,
several people have been hard coding their IP addresses. This has
become a problem since people who are receiving IP addresses from the
DHCP server are frequently loosing internet connectivity due to IP
address conflict.

Basically I recently began to realize how big a deal this actually
is. Several of my professors and the Executive Director have all lost
internet connectivity. The method that these hard coders are using is
as follows.

Everyone at my college has an domain name which is in the form
{lastname}{first letter of first name}.domain.edu. (For examply
williamsw.foobar.edu). Essentially what has been happening is
students have been pinging the domain names of their targets and
hardcoding that IP address to prevent the rightful owner of that IP
from gaining internet connectivity. The system admin does not know
how to catch these "hardcoders" so he has chosen to disable internet
from 12:00 AM to 5:00 PM as a punishment to everyone until the
culprits are caught. I intend to catch them.

Our server is some sort of Linux and I run Debian Etch. I am pretty
sure all of the people doing this hard coding run Windows XP or
Windows Vista. Essentially I have some idea of what I need to do to
attain the MAC addresses of the hardcoders but am not quite sure.

I would greatly appreciate help from anyone in this endeavor. Thanks
in advanced.

Nori

On Sun, 04 Nov 2007 20:17:19 -0800, Nori rearranged some electrons to say:


> I would greatly appreciate help from anyone in this endeavor.

Read the thread entitled "Machines on LAN"

On Nov 5, 6:17 am, Nori <noridotj...@gmail.com> wrote:
> Hello everyone. I am a college student, and at the college I go to,
> we receive our internet connection thought the Local Area Network.
> Our LAN uses DHCP to assign IP addresses. The DHCP server only
> assigns IP addresses to peoples who have their MAC address registered
> with the system admin and entered into this database. Of the late,
> several people have been hard coding their IP addresses. This has
> become a problem since people who are receiving IP addresses from the
> DHCP server are frequently loosing internet connectivity due to IP
> address conflict.
>
> Basically I recently began to realize how big a deal this actually
> is. Several of my professors and the Executive Director have all lost
> internet connectivity. The method that these hard coders are using is
> as follows.
>
> Everyone at my college has an domain name which is in the form
> {lastname}{first letter of first name}.domain.edu. (For examply
> williamsw.foobar.edu). Essentially what has been happening is
> students have been pinging the domain names of their targets and
> hardcoding that IP address to prevent the rightful owner of that IP
> from gaining internet connectivity. The system admin does not know
> how to catch these "hardcoders" so he has chosen to disable internet
> from 12:00 AM to 5:00 PM as a punishment to everyone until the
> culprits are caught. I intend to catch them.
>
> Our server is some sort of Linux and I run Debian Etch. I am pretty
> sure all of the people doing this hard coding run Windows XP or
> Windows Vista. Essentially I have some idea of what I need to do to
> attain the MAC addresses of the hardcoders but am not quite sure.
>
> I would greatly appreciate help from anyone in this endeavor. Thanks
> in advanced.
>
> Nori

So you got a few guys that think they smart that happens alot in a
college...

The simple way would be to just go to the dhcp leases and see who the
ip address has been given to (MAC or Computer name) or you can get
something like ethereal its a network sniffer and run it on the Proxy
or ICS server and find the mac address of the person using the ip
address they should not be using, but just finding their mac address
won't help you much unless you have a database of the mac addresses
and location for every pc in the college (doubt it) the other problem
you can come across is that people might actually be spoofing their
mac address with something like smac to that of the original ip
address owner...i suggest that on the domain you make a global group
with internet browsing rights and add the users you want to use the
internet to that group...if you do that getting an ip address won't
get them anywhere beyond the college network...Hope that helps and
don't stress things like that happen in college all the time...
cheers

Good Luck

Wired or wireless? If wired, and if you have a switches that can do
accounting and so tie packets and MAC addresses to ports, you've got
'em. If wireless, or if you don't have good switches... I dunno.

On 2007-11-05, Nori <(E-Mail Removed)> wrote:
> Hello everyone. I am a college student, and at the college I go to,
> we receive our internet connection thought the Local Area Network.
> Our LAN uses DHCP to assign IP addresses. The DHCP server only
> assigns IP addresses to peoples who have their MAC address registered
> with the system admin and entered into this database. Of the late,
> several people have been hard coding their IP addresses. This has
> become a problem since people who are receiving IP addresses from the
> DHCP server are frequently loosing internet connectivity due to IP
> address conflict.

The admin needs to change his approach, me thinks.

We've started to put machines on separate VLAN's according to wether they
have a 'valid' MAC address or not. The valid MAC's are put on the main LAN,
and get an IP for it. Those that aren't, are switched on a VLAN that leads
only to the Net, and they get an 192.168.x.x. This allows visitors to go get
their mail, without being inside the company's network. Also easier for
them, because that 'outside' VLAN has no proxy.


--
There is an art, it says, or rather, a knack to flying.
The knack lies in learning how to throw yourself at the ground and miss.
Douglas Adams

Rikishi 42 wrote:

> On 2007-11-05, Nori <(E-Mail Removed)> wrote:
>> Hello everyone. I am a college student, and at the college I go to,
>> we receive our internet connection thought the Local Area Network.
>> Our LAN uses DHCP to assign IP addresses. The DHCP server only
>> assigns IP addresses to peoples who have their MAC address registered
>> with the system admin and entered into this database. Of the late,
>> several people have been hard coding their IP addresses. This has
>> become a problem since people who are receiving IP addresses from the
>> DHCP server are frequently loosing internet connectivity due to IP
>> address conflict.
>
> The admin needs to change his approach, me thinks.
>
> We've started to put machines on separate VLAN's according to wether they
> have a 'valid' MAC address or not. The valid MAC's are put on the main
> LAN, and get an IP for it. Those that aren't, are switched on a VLAN that
> leads only to the Net, and they get an 192.168.x.x. This allows visitors
> to go get their mail, without being inside the company's network. Also
> easier for them, because that 'outside' VLAN has no proxy.
>
>

What do you do if someone changes the MAC to a MAC that is current on the
main LAN ?
as in

#sudo ifconfig eth0 down hw ether xx:xx:xx:xx:xx:xx
#sudo ifconfig eth0 up

where xx:xx:xx:xx:xx:xx is some MAC address.

--
Dancin in the ruins tonight
Tayo'y Mga Pinoy

Rikishi 42 <(E-Mail Removed)> writes:
>
> We've started to put machines on separate VLAN's according to wether they
> have a 'valid' MAC address or not. The valid MAC's are put on the main LAN,
> and get an IP for it. Those that aren't, are switched on a VLAN that leads
> only to the Net, and they get an 192.168.x.x. This allows visitors to go get
> their mail, without being inside the company's network. Also easier for
> them, because that 'outside' VLAN has no proxy.

But if a visitor sets the IP, by hand, to one of the 'official' ones,
what happens?

On 2007-11-06, Joe Pfeiffer <(E-Mail Removed)> wrote:
> Rikishi 42 <(E-Mail Removed)> writes:
>>
>> We've started to put machines on separate VLAN's according to wether they
>> have a 'valid' MAC address or not. The valid MAC's are put on the main LAN,
>> and get an IP for it. Those that aren't, are switched on a VLAN that leads
>> only to the Net, and they get an 192.168.x.x. This allows visitors to go get
>> their mail, without being inside the company's network. Also easier for
>> them, because that 'outside' VLAN has no proxy.
>
> But if a visitor sets the IP, by hand, to one of the 'official' ones,
> what happens?

Say the 'real' network distributes IP addresses from the 123.x.x.x range to the
valid MAC addresses.
And say other MAC's get an 192.168.0.x address. Those are routed to the Net.


The visitor manually encodes 123.45.67.89 in his machine. But since the MAC
is invalid, the machine will still be connected (by the switch) to the
'externals' VLAN.

But from that VLAN, only the 192.168.0.x addresses get routed to the
Internet. So, his machine can't even get there. It's trapped, unable to
communicate with any machine, unless there is another such clown who did
the same thing.




Of course, it's possible to redefine a MAC address. But that's another story.
And physically locating the little bugger isn't *that* difficult.
Neighter is kicking him out of the building, with his USB stick firmly
embedded where the light don't shine. :-)

(allways wear gloves when applying that LART)



PS: I wasn't involved in the deployment of that system. Therefore not all
details are known to me. I might have - for instance - wrongly used the term
VLAN. But you get the general drift of what was done.


--
There is an art, it says, or rather, a knack to flying.
The knack lies in learning how to throw yourself at the ground and miss.
Douglas Adams

Nori <(E-Mail Removed)> wrote in news:1194236239.555668.193060
@o3g2000hsb.googlegroups.com:

> Hello everyone. I am a college student, and at the college I go to,
> we receive our internet connection thought the Local Area Network.
> Our LAN uses DHCP to assign IP addresses. The DHCP server only
> assigns IP addresses to peoples who have their MAC address registered
> with the system admin and entered into this database. Of the late,
> several people have been hard coding their IP addresses. This has
> become a problem since people who are receiving IP addresses from the
> DHCP server are frequently loosing internet connectivity due to IP
> address conflict.
>
> Basically I recently began to realize how big a deal this actually
> is. Several of my professors and the Executive Director have all lost
> internet connectivity. The method that these hard coders are using is
> as follows.
>
> Everyone at my college has an domain name which is in the form
> {lastname}{first letter of first name}.domain.edu. (For examply
> williamsw.foobar.edu). Essentially what has been happening is
> students have been pinging the domain names of their targets and
> hardcoding that IP address to prevent the rightful owner of that IP
> from gaining internet connectivity. The system admin does not know
> how to catch these "hardcoders" so he has chosen to disable internet
> from 12:00 AM to 5:00 PM as a punishment to everyone until the
> culprits are caught. I intend to catch them.
>
> Our server is some sort of Linux and I run Debian Etch. I am pretty
> sure all of the people doing this hard coding run Windows XP or
> Windows Vista. Essentially I have some idea of what I need to do to
> attain the MAC addresses of the hardcoders but am not quite sure.
>
> I would greatly appreciate help from anyone in this endeavor. Thanks
> in advanced.
>
> Nori
>

If your switches support 802.1X you could try that. It isn't invulnerable
but is a possibility.

http://en.wikipedia.org/wiki/IEEE_802.1X

I believe a certain computer software company (name beginning with the
letter M ) had problem with visitors plugging into network ports and
carrying out nefarious activities ;-). Their solution was to allow their
bona fide servers and workstations to only talk to each other using IPSec
IIRC.

Rikishi 42 <(E-Mail Removed)> writes:

> On 2007-11-06, Joe Pfeiffer <(E-Mail Removed)> wrote:
>>
>> But if a visitor sets the IP, by hand, to one of the 'official' ones,
>> what happens?
>
> The visitor manually encodes 123.45.67.89 in his machine. But since the MAC
> is invalid, the machine will still be connected (by the switch) to the
> 'externals' VLAN.

OK, so the filtering is based on MAC. Got it.