On Friday 17 June 2005 15:09, Lule George William wrote: > Because they were all student laptops and I didn't > want to go running around the network searching at > which point they were hooked on.
So have a mobile user (security) access policy. > Finally had to do > it:-)... Sucks! But hey, so do taxes, and then you die :). > They had mytob and it was doing havoc on my > network. E-mail virus scanning? > I mailed and called them to come for cleaning > to no avail. Users are used to being the ones that complain. They usually come to you for that. > I cut them off at the proxy from > accessing the Internet but it seems they were quite > happy with just the intranet... And e-mail. > thats why I wanted them > off completely. Great stance; that should get them running to you. > However, I am still interested in > finding out how to do it, because next time I really > wouldn't like to run around the whole university > network!!! Well, there are ways and techniques in discovering which hosts are mis-behaving, but that's beyond the scope of this thread (and would now enter into DoS mitigation and vendor-specific knobs and switches, which can get lengthy). I think the valuable lesson you have learned here is to be able to design your network (and security policy) so that you can do anything you want from the helm (and not run around like a headless chicken). Campus networks can be especially daunting, but a combination of routing, switching and a security policy that allows for robust scalability and management will save you next time, regardless of the size of your network. But as most have suggested, cumbersome "customers" should have their connectivity severed, as close to Layer 1 as possible, if not. As Colonel 'The Champ' Agaba would say, "You've got to nip it in the bud". Mark.
pgpYNAuaXy8cb.pgp
Description: PGP signature
_______________________________________________ LUG mailing list [email protected] http://kym.net/mailman/listinfo/lug %LUG is generously hosted by INFOCOM http://www.infocom.co.ug/
