who offers cheap (personal) 1U colo?
Stephen Sprunk
stephen at sprunk.org
Mon Mar 15 01:14:49 UTC 2004
Thus spake "Vivien M." <vivienm at dyndns.org>
> Actually, you're forgetting what I think is the biggest reason for doing
> this: before the user registers via the web-based DHCP thing, they
> are shown the AUP and have to say they agree to it. If you just leave
> straight IP connections available in rooms, and people violate the AUP,
> they can QUITE credibly argue "But I never read this AUP". The
> web-based DHCP registration system prevents that.
Students have an existing legal relationship with the school; they can be
required to accept the AUP in writing at some point during the enrollment
process.
> Other advantages would be
> A) It prevents students (or at least, all but the most clueful) from taking
> multiple IPs and having hubs and such in their rooms
There's nothing inherently wrong with that.
> B) It makes it very easy to track what MAC address/IP address is which
> person, as you yourself admitted. Sure, this system requires a bit of effort
> to set up initially (though I think open source implementations are easily
> available), but afterwards, you don't need to have your most clueful network
> engineer dig through to try and figure out which room is what IP. If you
> lower the clue level required to operate an abuse desk, I would argue you
> improve its efficiency in many cases...
Tracking an IP address to a particular switch port via ARP and bridging
tables is straightforward; however this relies on detailed cabling plant
data.
> C) It avoids issues of changing ports. Let's say I'm in room 101, and my
> friend Bob is in room 102. I take my laptop to Bob's room and plug it
> into the network and go and do something dumb... If you hunt down my
> MAC address to a particular port, it looks like Bob is the AUP violator.
> If you have a registration system, you know that this MAC address
> belongs to me, not Bob.
Or, if you use 802.1x, you can skip the MAC registration and identify the
user directly each time he logs in.
> Oh, and what about wireless networks? I have my nice 802.11b card,
> how do you propose to track that without MAC registration (or hackish
> VPN systems, which are also deployed in some campuses)?
802.1x
S
Stephen Sprunk
CCIE #3723
K5SSS
"Stupid people surround themselves with smart people. Smart people surround themselves with smart people who disagree with them." --Aaron Sorkin
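
Added example, not part of the original message: the ARP-and-bridging-table trace mentioned in the reply, run over constructed sample tables. The table layout, port names and room mapping are assumptions; the result is a port and room rather than a person, and the code reports when several MACs share the port or the cabling record is missing.

```python
import re

# Constructed sample data (not from the original post); the layout is a
# generic whitespace-separated table of the kind a router or switch prints.
ARP_TABLE = """\
Address      Hardware Addr    Interface
10.1.1.23    0010.a4b2.c3d4   Vlan10
10.1.1.24    0010.a4b2.c3d5   Vlan10
10.1.1.40    0002.b3aa.0001   Vlan10
"""
BRIDGE_TABLE = """\
Vlan  Mac Address      Ports
10    0010.a4b2.c3d4   Fa0/2
10    0010.a4b2.c3d5   Fa0/2
10    0002.b3aa.0001   Fa0/7
"""
# Hypothetical cabling plant records: switch port -> wall jack location.
CABLING = {"Fa0/1": "Room 101", "Fa0/2": "Room 102"}

MAC_RE = re.compile(r"\b[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}\b", re.I)

def rows(text):
    """Yield (first_field, mac, last_field) for each row that contains a MAC."""
    for line in text.splitlines():
        m = MAC_RE.search(line)
        if m:  # header and separator rows carry no MAC and are skipped
            fields = line.split()
            yield fields[0], m.group(0).lower(), fields[-1]

def trace_ip(ip, arp=ARP_TABLE, bridge=BRIDGE_TABLE, cabling=CABLING):
    """Follow IP -> MAC -> switch port -> room; report where the chain breaks."""
    ip_to_mac = {first: mac for first, mac, _ in rows(arp)}
    mac_to_port = {mac: last for _, mac, last in rows(bridge)}
    mac = ip_to_mac.get(ip)
    if mac is None:
        return {"ip": ip, "error": "no ARP entry"}
    port = mac_to_port.get(mac)
    if port is None:
        return {"ip": ip, "mac": mac, "error": "MAC not in bridging table"}
    # More than one MAC on a port means a hub or a visiting device:
    # the port identifies the room, not which device or person it was.
    on_port = sum(1 for p in mac_to_port.values() if p == port)
    return {"ip": ip, "mac": mac, "port": port, "macs_on_port": on_port,
            "room": cabling.get(port, "unknown (no cabling record)")}
```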