[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] deny IP based on MAC address....how?



Another choice would be to use some secondary addresses (some subset of
the private addresses listed below) and block them at servers/routers.

10.0.0.0/8
172.16.0.0/12
192.168.0.0/16

Jason Straw

On Sun, 2004-10-03 at 21:23, Eric Harrison wrote:
> On Sun, 3 Oct 2004, Jim Hays wrote:
> 
> >
> >try looking at
> >
> >man dhcpd
> >
> >and serch for deny
> >
> >That may have the info you want.
> 
> The problem with denying that mac address is the client will eventually
> give itself a 169.x.x.x address and continue to flood the network.
> Depending on the setup, it may or may not still be a risk, but it
> could still be chewing up bandwidth.
> 
> How about assigning it 127.0.0.1? ;-)
> 
> /etc/dhcpd.conf:
> 
> 	host goaway {
> 		hardware ethernet 01:02:03:04:05:06; # insert mac here
> 		fixed-address     127.0.0.1;
>     }
> 
> I've never tried this, but it at least sounds like it might work...
> 
> -Eric
> 
> >
> >Quoting David Trask <dtrask vcs u52 k12 me us>:
> >
> >> Hi all,
> >> 
> >> I have a situation....I have an IP address that I believe is infected with
> >> a worm that putting significant traffic on my network.  The IP address is
> >> internal and I don't for the life of me know where it is.  I've tried
> >> everything to find it.  I know the MAC address from the logs on my DHCP
> >> server....what I'd like to do is prevent that MAC address from even
> >> getting an IP address.   Is this possible?  I'm using an FC 1 server as my
> >> DHCP server (that's all that particular server does...just DHCP).  I have
> >> no desire to populate my entire dhcpd.conf file with all the MAC addresses
> >> in my building....there's too many.  What I simply want to do is deny
> >> giving an IP address to a particular machine (whose MAC address I
> >> know)....and/or deny access to my network (from inside) to that IP
> >> address.  (I've statically assigned that IP to that MAC in my dhcpd.conf
> >> so I can at least track it, but now I need to shut it down)  Any ideas?
> >> 
> >> David N. Trask
> >> Technology Teacher/Coordinator
> >> Vassalboro Community School
> >> dtrask vcs u52 k12 me us
> >> (207)923-3100
> >> 
> 
> _______________________________________________
> K12OSN mailing list
> K12OSN redhat com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
-- 
####################################################
|| Jason Straw - misato misato us Quality Control and Distro ||
|| Sugar Cube Fansubs www.sugar-cube.org ||
|| GPG Key ID  -- pgp.mit.edu -- D662C649 ||
####################################################


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]