[unisog] NetReg Circumvention?
pete at shadows.uottawa.ca
Thu Sep 4 11:28:04 GMT 2003
On Wed, Sep 03, 2003 at 06:43:42PM -0400, Brian Reilly wrote:
> For those of you who've implemented a NetReg or similar DHCP-driven
> solution for host registration, have you had many instances of users
> circumventing the process by just assigning themselves static IP
> addresses? If so, how have you addressed this issue, and are you
> considering migrating to something like 802.1x or VQP as a result?
We have a quota system based on netflow data. In order to get
around their quotas, we have seen static assignment of IP addresses.
Even worse, we have seen them change their MAC address totheir
neighbour's, then DHCP with that address.
Our fix was to use a scheme similar to Waterloo's. Lock the port
down to a single MAC, and freeze the arp tables in the router.
More information about the unisog