Hardcoding Issues - Networking

This is a discussion on Hardcoding Issues - Networking ; Hello everyone. I am a college student, and at the college I go to, we receive our internet connection thought the Local Area Network. Our LAN uses DHCP to assign IP addresses. The DHCP server only assigns IP addresses to ...

+ Reply to Thread
Results 1 to 10 of 10

Thread: Hardcoding Issues

  1. Hardcoding Issues

    Hello everyone. I am a college student, and at the college I go to,
    we receive our internet connection thought the Local Area Network.
    Our LAN uses DHCP to assign IP addresses. The DHCP server only
    assigns IP addresses to peoples who have their MAC address registered
    with the system admin and entered into this database. Of the late,
    several people have been hard coding their IP addresses. This has
    become a problem since people who are receiving IP addresses from the
    DHCP server are frequently loosing internet connectivity due to IP
    address conflict.

    Basically I recently began to realize how big a deal this actually
    is. Several of my professors and the Executive Director have all lost
    internet connectivity. The method that these hard coders are using is
    as follows.

    Everyone at my college has an domain name which is in the form
    {lastname}{first letter of first name}.domain.edu. (For examply
    williamsw.foobar.edu). Essentially what has been happening is
    students have been pinging the domain names of their targets and
    hardcoding that IP address to prevent the rightful owner of that IP
    from gaining internet connectivity. The system admin does not know
    how to catch these "hardcoders" so he has chosen to disable internet
    from 12:00 AM to 5:00 PM as a punishment to everyone until the
    culprits are caught. I intend to catch them.

    Our server is some sort of Linux and I run Debian Etch. I am pretty
    sure all of the people doing this hard coding run Windows XP or
    Windows Vista. Essentially I have some idea of what I need to do to
    attain the MAC addresses of the hardcoders but am not quite sure.

    I would greatly appreciate help from anyone in this endeavor. Thanks
    in advanced.

    Nori


  2. Re: Hardcoding Issues

    On Sun, 04 Nov 2007 20:17:19 -0800, Nori rearranged some electrons to say:


    > I would greatly appreciate help from anyone in this endeavor.


    Read the thread entitled "Machines on LAN"

  3. Re: Hardcoding Issues

    On Nov 5, 6:17 am, Nori wrote:
    > Hello everyone. I am a college student, and at the college I go to,
    > we receive our internet connection thought the Local Area Network.
    > Our LAN uses DHCP to assign IP addresses. The DHCP server only
    > assigns IP addresses to peoples who have their MAC address registered
    > with the system admin and entered into this database. Of the late,
    > several people have been hard coding their IP addresses. This has
    > become a problem since people who are receiving IP addresses from the
    > DHCP server are frequently loosing internet connectivity due to IP
    > address conflict.
    >
    > Basically I recently began to realize how big a deal this actually
    > is. Several of my professors and the Executive Director have all lost
    > internet connectivity. The method that these hard coders are using is
    > as follows.
    >
    > Everyone at my college has an domain name which is in the form
    > {lastname}{first letter of first name}.domain.edu. (For examply
    > williamsw.foobar.edu). Essentially what has been happening is
    > students have been pinging the domain names of their targets and
    > hardcoding that IP address to prevent the rightful owner of that IP
    > from gaining internet connectivity. The system admin does not know
    > how to catch these "hardcoders" so he has chosen to disable internet
    > from 12:00 AM to 5:00 PM as a punishment to everyone until the
    > culprits are caught. I intend to catch them.
    >
    > Our server is some sort of Linux and I run Debian Etch. I am pretty
    > sure all of the people doing this hard coding run Windows XP or
    > Windows Vista. Essentially I have some idea of what I need to do to
    > attain the MAC addresses of the hardcoders but am not quite sure.
    >
    > I would greatly appreciate help from anyone in this endeavor. Thanks
    > in advanced.
    >
    > Nori


    So you got a few guys that think they smart that happens alot in a
    college...

    The simple way would be to just go to the dhcp leases and see who the
    ip address has been given to (MAC or Computer name) or you can get
    something like ethereal its a network sniffer and run it on the Proxy
    or ICS server and find the mac address of the person using the ip
    address they should not be using, but just finding their mac address
    won't help you much unless you have a database of the mac addresses
    and location for every pc in the college (doubt it) the other problem
    you can come across is that people might actually be spoofing their
    mac address with something like smac to that of the original ip
    address owner...i suggest that on the domain you make a global group
    with internet browsing rights and add the users you want to use the
    internet to that group...if you do that getting an ip address won't
    get them anywhere beyond the college network...Hope that helps and
    don't stress things like that happen in college all the time...
    cheers

    Good Luck


  4. Re: Hardcoding Issues

    Wired or wireless? If wired, and if you have a switches that can do
    accounting and so tie packets and MAC addresses to ports, you've got
    'em. If wireless, or if you don't have good switches... I dunno.

  5. Re: Hardcoding Issues

    On 2007-11-05, Nori wrote:
    > Hello everyone. I am a college student, and at the college I go to,
    > we receive our internet connection thought the Local Area Network.
    > Our LAN uses DHCP to assign IP addresses. The DHCP server only
    > assigns IP addresses to peoples who have their MAC address registered
    > with the system admin and entered into this database. Of the late,
    > several people have been hard coding their IP addresses. This has
    > become a problem since people who are receiving IP addresses from the
    > DHCP server are frequently loosing internet connectivity due to IP
    > address conflict.


    The admin needs to change his approach, me thinks.

    We've started to put machines on separate VLAN's according to wether they
    have a 'valid' MAC address or not. The valid MAC's are put on the main LAN,
    and get an IP for it. Those that aren't, are switched on a VLAN that leads
    only to the Net, and they get an 192.168.x.x. This allows visitors to go get
    their mail, without being inside the company's network. Also easier for
    them, because that 'outside' VLAN has no proxy.


    --
    There is an art, it says, or rather, a knack to flying.
    The knack lies in learning how to throw yourself at the ground and miss.
    Douglas Adams

  6. Re: Hardcoding Issues

    Rikishi 42 wrote:

    > On 2007-11-05, Nori wrote:
    >> Hello everyone. I am a college student, and at the college I go to,
    >> we receive our internet connection thought the Local Area Network.
    >> Our LAN uses DHCP to assign IP addresses. The DHCP server only
    >> assigns IP addresses to peoples who have their MAC address registered
    >> with the system admin and entered into this database. Of the late,
    >> several people have been hard coding their IP addresses. This has
    >> become a problem since people who are receiving IP addresses from the
    >> DHCP server are frequently loosing internet connectivity due to IP
    >> address conflict.

    >
    > The admin needs to change his approach, me thinks.
    >
    > We've started to put machines on separate VLAN's according to wether they
    > have a 'valid' MAC address or not. The valid MAC's are put on the main
    > LAN, and get an IP for it. Those that aren't, are switched on a VLAN that
    > leads only to the Net, and they get an 192.168.x.x. This allows visitors
    > to go get their mail, without being inside the company's network. Also
    > easier for them, because that 'outside' VLAN has no proxy.
    >
    >


    What do you do if someone changes the MAC to a MAC that is current on the
    main LAN ?
    as in

    #sudo ifconfig eth0 down hw ether xx:xx:xx:xx:xx:xx
    #sudo ifconfig eth0 up

    where xx:xx:xx:xx:xx:xx is some MAC address.

    --
    Dancin in the ruins tonight
    Tayo'y Mga Pinoy

  7. Re: Hardcoding Issues

    Rikishi 42 writes:
    >
    > We've started to put machines on separate VLAN's according to wether they
    > have a 'valid' MAC address or not. The valid MAC's are put on the main LAN,
    > and get an IP for it. Those that aren't, are switched on a VLAN that leads
    > only to the Net, and they get an 192.168.x.x. This allows visitors to go get
    > their mail, without being inside the company's network. Also easier for
    > them, because that 'outside' VLAN has no proxy.


    But if a visitor sets the IP, by hand, to one of the 'official' ones,
    what happens?

  8. Re: Hardcoding Issues

    On 2007-11-06, Joe Pfeiffer wrote:
    > Rikishi 42 writes:
    >>
    >> We've started to put machines on separate VLAN's according to wether they
    >> have a 'valid' MAC address or not. The valid MAC's are put on the main LAN,
    >> and get an IP for it. Those that aren't, are switched on a VLAN that leads
    >> only to the Net, and they get an 192.168.x.x. This allows visitors to go get
    >> their mail, without being inside the company's network. Also easier for
    >> them, because that 'outside' VLAN has no proxy.

    >
    > But if a visitor sets the IP, by hand, to one of the 'official' ones,
    > what happens?


    Say the 'real' network distributes IP addresses from the 123.x.x.x range to the
    valid MAC addresses.
    And say other MAC's get an 192.168.0.x address. Those are routed to the Net.


    The visitor manually encodes 123.45.67.89 in his machine. But since the MAC
    is invalid, the machine will still be connected (by the switch) to the
    'externals' VLAN.

    But from that VLAN, only the 192.168.0.x addresses get routed to the
    Internet. So, his machine can't even get there. It's trapped, unable to
    communicate with any machine, unless there is another such clown who did
    the same thing.




    Of course, it's possible to redefine a MAC address. But that's another story.
    And physically locating the little bugger isn't *that* difficult.
    Neighter is kicking him out of the building, with his USB stick firmly
    embedded where the light don't shine. :-)

    (allways wear gloves when applying that LART)



    PS: I wasn't involved in the deployment of that system. Therefore not all
    details are known to me. I might have - for instance - wrongly used the term
    VLAN. But you get the general drift of what was done.


    --
    There is an art, it says, or rather, a knack to flying.
    The knack lies in learning how to throw yourself at the ground and miss.
    Douglas Adams

  9. Re: Hardcoding Issues

    Nori wrote in news:1194236239.555668.193060
    @o3g2000hsb.googlegroups.com:

    > Hello everyone. I am a college student, and at the college I go to,
    > we receive our internet connection thought the Local Area Network.
    > Our LAN uses DHCP to assign IP addresses. The DHCP server only
    > assigns IP addresses to peoples who have their MAC address registered
    > with the system admin and entered into this database. Of the late,
    > several people have been hard coding their IP addresses. This has
    > become a problem since people who are receiving IP addresses from the
    > DHCP server are frequently loosing internet connectivity due to IP
    > address conflict.
    >
    > Basically I recently began to realize how big a deal this actually
    > is. Several of my professors and the Executive Director have all lost
    > internet connectivity. The method that these hard coders are using is
    > as follows.
    >
    > Everyone at my college has an domain name which is in the form
    > {lastname}{first letter of first name}.domain.edu. (For examply
    > williamsw.foobar.edu). Essentially what has been happening is
    > students have been pinging the domain names of their targets and
    > hardcoding that IP address to prevent the rightful owner of that IP
    > from gaining internet connectivity. The system admin does not know
    > how to catch these "hardcoders" so he has chosen to disable internet
    > from 12:00 AM to 5:00 PM as a punishment to everyone until the
    > culprits are caught. I intend to catch them.
    >
    > Our server is some sort of Linux and I run Debian Etch. I am pretty
    > sure all of the people doing this hard coding run Windows XP or
    > Windows Vista. Essentially I have some idea of what I need to do to
    > attain the MAC addresses of the hardcoders but am not quite sure.
    >
    > I would greatly appreciate help from anyone in this endeavor. Thanks
    > in advanced.
    >
    > Nori
    >


    If your switches support 802.1X you could try that. It isn't invulnerable
    but is a possibility.

    http://en.wikipedia.org/wiki/IEEE_802.1X

    I believe a certain computer software company (name beginning with the
    letter M ) had problem with visitors plugging into network ports and
    carrying out nefarious activities ;-). Their solution was to allow their
    bona fide servers and workstations to only talk to each other using IPSec
    IIRC.



  10. Re: Hardcoding Issues

    Rikishi 42 writes:

    > On 2007-11-06, Joe Pfeiffer wrote:
    >>
    >> But if a visitor sets the IP, by hand, to one of the 'official' ones,
    >> what happens?

    >
    > The visitor manually encodes 123.45.67.89 in his machine. But since the MAC
    > is invalid, the machine will still be connected (by the switch) to the
    > 'externals' VLAN.


    OK, so the filtering is based on MAC. Got it.

+ Reply to Thread