It's the cablemodem doing this. It's told to only allow a set number (usually one) of systems public access (read: IPs); many ISPs will sell you additional dynamic addresses. The first one to make a DHCP request wins. As others have said, reset or power-cycle the modem and it will forget that MAC.
And if you are? You have to login with a username and password? So why can't Tufts IT tell who was using what IP at a given time on the wireless network? Are each of the wireless APs NAT routers?
No it wouldn't. The entire syslog records of the dialup hardware for an ISP I previously worked for fit entirely on a single 1G Jaz disk. That's 4 years' worth of records -- from the day they went public to the day we switched to RADIUS. The RADIUS accounting record dumps for ~3yrs were also pretty small. I could tell you who was using what address with 99% certainty within minutes.
This is not the mountain of data you seem to think it is. If telcos can keep CDRs for every call in their network for 10 years, a university can certainly keep DHCP logs for 6 months.
It's called "ATA SECURITY", and it does NOT encrypt any part of the drive. It's a simple firmware trick to prevent access above (usually) 10MB on the drive. There are ways around it ranging from simple "manufacturer" passwords to complicated hardware hacks to replace the firmware. If it's an IBM ThinkPad, it's a simple process of taking the laptop apart and reading the password out of the "TPM" chip. (requires some cheap, specialized toys. There are numerous internet sites that will decode the TPM contents for you (for a fee.))
I would venture a guess the problem is rooted in the concept of "pay grades" that are assigned to various job functions/titles/classifications. For example, a "Mechanic I" is pay grade 34 which gets paid between $21k and $34k. (I'm just making these numbers up, btw.) If these things are directly coded in the system, it can be hard to change. If it's all a big "database", then it's a time-consuming pain in the ass to change, to then later put it all back AND CORRECT THE DIFFERENCE.
Oh good god. Walk to your nearest computer gear shop and get a $30 USB floppy drive. There's no need to take the computer apart -- I doubt there's a floppy controller in it anyway. Plugging in a USB device will not void anything. (they don't even need to know it was ever plugged in.) I'm sure there are other usb things plugged in already -- like the keyboard.
And you've never been in academia. While databases do solve real world problems, they started as academic pursuits. "OO design" is entirely rooted in academia... I doubt anyone who has ever written any program has done so in a manner that is not today interpreted as some form of OO -- except that it probably wasn't written in C++. I know I had written numerous "OO" things long before "object oriented" ever crossed anyone's lips. "OO design" is simply academic BS used to warp people's brains into programming everything orders of magnitude more complicated than it ever needs to be.
No, it isn't competition as the local phone company gets paid no matter who provides the IP address.
Case in point... I have an earthlink cable modem. The only part of it that's Earthlink (aka. mindspring) is the ip address. 100% of the system is timewarner (roadrunner.) I am billed by and pay TW; not earthlink.
It's "open" in that anyone can get access. However, the local phone company has the obvious advantage as they get to charge anyone for access -- rack space, power, access to the copper, and even "escorted access" to your own equipment in their CO.
So, while your local Bell can sell you DSL for $45, they make sure no one else can. Back when DSL was an emerging technology, Bellsouth (in NC) wanted $60 per UNE (unbundled network element, aka. a dry copper pair.) At the time, a BUSINESS phone line was $45, and Bellsouth had zero DSL gear anywhere and no plans to ever have any. They were selling dialup (just like everybody else, 'tho they entered the game at the end and used their monopoly position to push many ISPs under), so they bolstered their dialup business by preventing anyone from offering anything else. Once DSL caught on, they started installing DSLAMs everywhere (and I do mean everywhere... COs, pedestals, phone poles, etc.) and undercut *everyone*.
Verizon is being very underhanded and smart. As they roll out FiOS, they remove the copper wiring. While there are numerous laws requiring "open access" to the copper, there are no similar requirements for their fiber. Once the fiber is in place, they remove the copper and all chance of any (meaningful) competition.
And how does SpeakEasy provide your connection? By reselling connectivity from, usually, the local phone company -- in some cases, from 3rd party people like Covad, et al.
Doesn't work on any of the systems I can access... RR cable modems in various locations, Bellsouth (AT&T) DSL in various locations, TimeWarner T1, Verizon DS3, and machines co-lo'd in other COUNTRIES. None get an answer. So, no, it doesn't work.
Negative. If one enters https://foo.com/, the server at foo.com MUST answer with a certificate for foo.com or the browser will emit a warning. You must connect to the server before it can redirect you to bar.com.
... except it doesn't work AT F'ING ALL. On any browser. On any system.
Look further down... there are 2 build() functions on the page. The second one opens session + ".doxdns1.com/printme.html" which will provide even more confusing javascript XMLRPC code to fetch the backend processing results -- i.e. the Real Magic(tm).
Small correction/addition... SUVs are more dangerous/less safe because the safety standards are lower for SUVs. Take this guy's accident in the other direction... suv t-boned by little car. While the car will still be a mess -- they're designed to fly apart (a little too easily if you ask me), the SUV will be even worse. There's not a lot of material on the sides of SUVs to absorb an impact. Side curtain airbags are rare.
Says you. And me. And the rest of the sane admins on Earth. But not this nut. If you understand your network, you can rebuild the config should it ever be lost. But your first job is to make sure it's never lost.
In case you've missed it, this guy is nuts. Certified. Bonkers. Insane. A happy meal shy of a happy meal.
The point is: Just because it's a huge router doesn't mean it has a huge complex configuration.
Ultimately, the complexity is a matter of who's messing with it. If you know nothing about BGP, then any real-world-meaty BGP setup would qualify as complex.
I see you've never used the Cisco VPN Client.
Given it's a Cisco shop, I would concur. Having the vpngroup password (used for isakmp) will get you nowhere without additional authentication. "x-auth" in cisco-ese. That can be handed off to whatever backend system via RADIUS or TACACS+. (we passed users through to novell, but I've set up systems to pass through to securid.)
That calls for a full on BOFH moment... (loud enough for the entire floor to hear) "What kind of f***ing moron cannot remember he set his password to PASSWORD?!" (turn. walk away.)
Decades ago, NCSU used to do that crap for access to the academic mainframe ("ACS"). Guess what? Almost every programmable calculator on campus (in an engineering school that's a lot of them) had the pad routine on it. (at least many of those in my circle did.) I recall at least one TN3270(?) macro for calculating the pad and filling it in. So, the challenge was next to useless.
(BTW, with appropriate access to ACS one could rewrite their transcripts. So the people you want to keep out the most are local to the system and thus aware of the pad -- and the ability to answer it.)
When are people ever going to learn such overly heavy handed, draconian password policies, in fact, DO NOT improve password security? The more complex a password must be, the less secure it will actually be because the users have to be able to remember it. What I've seen time and time again... people pick poor/weak passwords acceptable to the system and then they write them down and stick them on the edge of their monitor.
I see you've used EDS hosted systems as well :-) Back when I did, it was an unwritten part of the manual... find a word the system will accept and add a number to the end (1, 2, 3, 4, 1, 2, ...)
right up to when they fired him.
Not necessarily without question, but obviously with little power to actually stop him. Even with other admins, it comes down to a race -- whoever gets in first to lock everybody else out wins. (that was actually part of my Nortel Passport training class :-))