Mark Jayson Alvarez wrote:
Hi,
Ok here's our problems. Mostly pertaining to tracking down who is this
user eating up our bandwidth or who is this user flooding our network.
1. Users when they want to plug a machine to the network... let's say
their own testbeds, they will choose whatever ip they want possibly
stealing used ip's.
2. Users workstations are mixed Windows and *nixes. Most windows
machines are getting infected with worm from time to time... Some of
them are not so skillful enough to clean their own workstations. Given
an unmanaged ip allocation, it would also be hard to trace which
machines are causing the network congestion.
3. Some users with public workstations and testbeds are eating up
bandwidth through file sharing...Still hard to trace this without proper
ip allocation management.
If the problem is that users choose occupied ips by accident rather than
by bad will, then use dhcp. Windows users and novices will thank you for
not having to deal with the configuration and you can say "just plug it
in and it works".
If you want to make people aware of what it means to be on the network,
register their hosts with mac address and have them sign a paper with
your AUP. Track changes with arpwatch.
Assign a segment of your address space to testbeds, tell people who want
to experiment that they choose an ip in that segment. That segment
should be blocked or only have access to limited services such as dns,
ftp and http.
Block all access to port 25 on internet to make sure that mail is sent
through your mailserver. Require authentication for smtp. This means
that at least you won't spread the viruses that infect the windows clients.
Cheers, Erik
--
Ph: +34.666334818 web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
