1. Hello, My Name is Host Name Endgrain Dan Kaminsky Tiffany Rad
Editor's Notes
While the research is specific to USM, we discovered similar setups at other universities. The presentation is not meant to single out any specific person or organization.
The dorm configuration adds a “dorm” subdomain, giving away another piece of information to anyone who wants it. The IT staff configuration shows that, even for its own employees, USM either doesn't realize that it is exposing personal information or doesn't think that it's an issue. Websites, emails, file sharing, IRC... anything where communication exposes your IP.
maine.edu is unavoidable. The usm subdomain is also rather needed. The dorm vs. wireless subdomains give a relative physical location, and prior knowledge or a little research can give a more accurate physical location. Split campus: the dorms are in Gorham and most classes (wireless) are in Portland. FULL NAME: why is it necessary? Laziness or ease of administration? Bottom line: mention other universities.
We wanted to know how people were granted access to the network. How do you keep the public out and still allow easy use by students? We still don't know the details of how the DHCP server interfaces with the DB, or whether it's built into the DHCP server.
Using MAC addresses as a unique identifier is OK, but it's not OK to assume that MAC addresses cannot be changed. Why aren't users' identities shielded by edge devices such as routers? Is there a reason that each user has their own external IP? MAC addresses aren't locked to one physical port on the network switches. Users can roam with their devices, even when using the Ethernet network. Students and faculty are constantly moving from network to network with their devices.
It didn't take much to realize how this access control model could be circumvented. Someone can easily assume the identity of another user and perform otherwise suspicious or illegal activities.
Are universities rolling their own software that generates user host names from full names, or is there a piece of software that comes with the feature? Is it a coincidence that many universities around the country are using similar naming conventions, or has it been suggested to them? Is there some acceptable reason for every user to have an Internet-routable IP address?
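
For administrators who want to check their own zone for the disclosure described in these notes, the following is an added example, not code from the presentation. It audits host names for segment labels ("dorm", "wireless") and directory name tokens, and derives an opaque replacement name from a keyed hash of the registered MAC. The name-in-host-label convention, the `example.edu` zone, the sample leases and the keyed-hash naming scheme are all assumptions.

```python
import hashlib
import hmac
import re

# Labels the notes call out as revealing the network segment / rough location.
SEGMENT_LABELS = {"dorm", "wireless"}

def audit_hostname(fqdn, directory_names):
    """List what one host name discloses: segment labels and directory name tokens."""
    labels = fqdn.lower().rstrip(".").split(".")
    findings = [f"segment:{l}" for l in labels[1:] if l in SEGMENT_LABELS]
    # Assumed convention: the host label holds name parts joined by '-' or '_'.
    tokens = [t for t in re.split(r"[-_]", labels[0]) if t]
    hits = [t for t in tokens if t in directory_names]
    if hits:
        findings.append("name:" + "+".join(hits))
    return findings

def opaque_hostname(mac, secret, zone):
    """Stable per-device name from a keyed hash of the registered MAC (no name, no segment)."""
    norm = mac.lower().replace("-", ":")
    tag = hmac.new(secret, norm.encode(), hashlib.sha256).hexdigest()[:12]
    return f"h-{tag}.{zone}"

def audit_leases(leases, directory_names):
    """Return {fqdn: findings} for every lease whose name discloses something."""
    report = {}
    for fqdn, _mac in leases:
        findings = audit_hostname(fqdn, directory_names)
        if findings:
            report[fqdn] = findings
    return report

# Constructed sample data: names, MACs and the example.edu zone are placeholders.
SAMPLE_NAMES = {"jane", "doe", "john", "smith"}
SAMPLE_LEASES = [
    ("jane-doe.dorm.campus.example.edu", "AA-BB-CC-00-11-22"),
    ("john-smith.wireless.campus.example.edu", "aa:bb:cc:00:11:33"),
    ("printer-7.campus.example.edu", "aa:bb:cc:00:11:44"),
]

if __name__ == "__main__":
    key = b"constructed-demo-key"  # in practice a secret held by the DHCP/DNS team
    for fqdn, mac in SAMPLE_LEASES:
        print(fqdn, audit_hostname(fqdn, SAMPLE_NAMES), "->",
              opaque_hostname(mac, key, "campus.example.edu"))
```

Because the replacement name is keyed, staff holding the secret can still map a host name back to a registered device, while an outside observer of the reverse DNS record learns neither the user's name nor the segment.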