 From:  Steve Bertrand <steve at ibctech dot ca>
 To:  Lee Sharp <leesharp at hal dash pc dot org>
 Cc:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Anti netcut (was Re: [m0n0wall] m0n0wall 1.3b17)
 Date:  Sat, 02 May 2009 09:09:58 -0400
Lee Sharp wrote:
> Mohammed Ismail wrote:
>> It is not a company, you will get shocked if you see one of these
>> networks.
>> You will believe that they know nothing about standards,
>> i just provide tech. support for them,
>> they buy switches around 12-15 USD.
>> The smartest one uses linksys 8 port, it is around 25 USD.
>> A 100 $ for a switch that they don't know how to use it!
>> I guess because they are out of standards, so that's why there is no
>> ideal
>> solution for them except following standards.
> 
> I hear you!  Cheap stuff, and it is MY problem?

I stopped dealing with clients years ago who paid me to provide IT
support, but did not take seriously my recommendations.

I got to the point where I hated being called only to fix things that
got broken by users and cheap companies, and decided that I wanted
clients who would pay me to be proactive instead, i.e. use my experience
learnt in past years to build the network better, so essentially they
needed to call me *less*.

Most 'support' contractors call me crazy...I'm working myself out of a
job, but that did not end up being the case. As I slowly garnered new
clients with my proactive attitude, the other ones dissipated. Now, I
only deal with clients who trust that they are paying me because I know
what I am doing, and would not steer them wrong. More of an advisory
role than a "support" one. These are the clients that when I tell them
something needs to be done, they do it without hesitation because they
know it will be best in the long-term. I *always* try to work out the
best value for the client...not necessarily the cheapest, but the one
that will provide the most long-term value.

Also, after I've taken over a network, nobody else touches it. If they
need to make a change, they have to sign it off, so someone is held
accountable.

It took years to get to this 'client selection' stage, but I also have a
full time job, and the contracting is just on the side.

In reality, when I was working for clients and just reactively 'fixing'
things (band-aids), I found myself worrying and working on my own time,
long after my billing hours stopped for the client, trying to come up
with strategies to fix what they have with no budget. That is what I
hated the worst (after I realized it).

>> I am just still wondering how mikrotik put you all alone only via
>> DHCP. You get an ip and if you open sniffing tool you only find
>> yourself and the
>> server.
>> On same switched networks.
> 
> It is not real.  If you sniff at the arp level you will see traffic.  It
> gives each user a separate network, but since the switches don't have
> v-lans, you are still in the same broadcast domain.

Yes, and this is where Man in the Middle attacks come into play, and
where gratuitous ARPs are dangerous. It is trivial to find out the other
MACs on the wire in this case.

Cheers,

Steve