[unisog] Server based scan for student computers

Oscar Knight knightod at appstate.edu
Tue May 17 18:06:28 GMT 2005

> Kent Percival wrote:
> A lot of institutions have similar commercial or homebrew
> implementations.  One thing I'm concerned about is the exposure on the
> registration vlan.  During the peak registration period, there may be
> several users attempting to register at the same time.  During some
> period these machines are on the same and can become aware of each
> other if the standard Windows networking is enabled.  Viruses could
> propagate during this time and personal information could be exposed.
> We all know a lot of damage can be done in a very short time!  How do
> you deal with this?

Hello All,

At least one commercial application uses (or did in the past) 30 bit
networks.  You would need a large address space.  If you needed some
external access, i.e. Windows Update, then I think you would do NAT.

Example:  (please note, I'm not a router person; this may all be incorrect)

   Address Space:

   Using 30 bit networks the above space is carved up into 1024 networks
   looking like:     broadcast     workstation     router     network mask     broadcast     workstation     router     network mask

     ...    broadcast    workstation    router    network mask

The above means you have a LOT of secondary addresses, 1024 on the router
interface.  I don't think the DHCP config would be pretty.  Lots of other

I think you would only want to do this for your registration/remediation
vlan.  The idea is that malware will typically use the IP stack and for
the most part each machine will not "see" the others IF the router blocks
the traffic.

You can probably tell from my comments that we have not and do not use 30
bit networks.  If anyone out there uses 30 bit networks, either commercial
or homebrew then I would be very interested in hearing about your

Oscar D. Knight
Appalachian State University, Boone, NC
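
The 30-bit carving described in the message above, worked through as an added example that is not part of the original post. The address space the message used did not survive in the archive, so 10.99.0.0/20 is a constructed placeholder; the function names are hypothetical, and the ISC dhcpd output format is an assumption about the DHCP server in use.

```python
import ipaddress

# Constructed placeholder (assumption): a /20 holds 4096 addresses = 1024 /30s.
REG_SPACE = ipaddress.ip_network("10.99.0.0/20")

def carve(space=REG_SPACE):
    """Split the space into /30s: network, router, workstation, broadcast."""
    plan = []
    for net in space.subnets(new_prefix=30):
        router, workstation = net.hosts()  # a /30 has exactly two usable hosts
        plan.append({
            "network": net.network_address,
            "mask": net.netmask,
            "router": router,            # one secondary address on the router
            "workstation": workstation,  # the only lease in this subnet
            "broadcast": net.broadcast_address,
        })
    return plan

def on_link(src, dst, prefix=30):
    """True if src's IP stack treats dst as directly reachable (no router hop)."""
    src_net = ipaddress.ip_interface(f"{src}/{prefix}").network
    return ipaddress.ip_address(dst) in src_net

def dhcpd_stanzas(plan, name="registration"):
    """Render the plan as ISC dhcpd subnet declarations on one shared segment."""
    lines = [f"shared-network {name} {{"]
    for p in plan:
        lines.append(f"  subnet {p['network']} netmask {p['mask']} {{")
        lines.append(f"    range {p['workstation']};")
        lines.append(f"    option routers {p['router']};")
        lines.append("  }")
    lines.append("}")
    return "\n".join(lines)

if __name__ == "__main__":
    plan = carve()
    print(len(plan), "networks, mask", plan[0]["mask"])
    print(dhcpd_stanzas(plan[:2]))
    # Two registering workstations in adjacent /30s: each sends to the router,
    # so a router ACL is what actually decides whether they can talk.
    print(on_link("10.99.0.2", "10.99.0.6"))
```

Each workstation sees only its router as on-link, so peer traffic goes through the router; as the message says, the isolation holds only if the router blocks it.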
