[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] deny IP based on MAC address....how?

David Trask wrote:

Hi all,

I have a situation....I have an IP address that I believe is infected with
a worm that putting significant traffic on my network.  The IP address is
internal and I don't for the life of me know where it is.  I've tried
everything to find it.  I know the MAC address from the logs on my DHCP
server....what I'd like to do is prevent that MAC address from even
getting an IP address.   Is this possible?  I'm using an FC 1 server as my
DHCP server (that's all that particular server does...just DHCP).  I have
no desire to populate my entire dhcpd.conf file with all the MAC addresses
in my building....there's too many.  What I simply want to do is deny
giving an IP address to a particular machine (whose MAC address I
know)....and/or deny access to my network (from inside) to that IP
address.  (I've statically assigned that IP to that MAC in my dhcpd.conf
so I can at least track it, but now I need to shut it down)  Any ideas?

David N. Trask
Technology Teacher/Coordinator
Vassalboro Community School
dtrask vcs u52 k12 me us

We run into this exact issue all the time. You've got Amer.com switches, right? You can block that MAC address in the switch, at their switch port. Thus, if they try statically assigning themselves an IP address, it won't matter. :-) Of course, they could go walking around till they find a drop that doesn't block them (we have people do this all the time). So, you also block their MAC at the right Gigabit trunk, i. e. the one right before you get to the segment with the router/important servers, and they can't do nada! Then they *have* to come to you and get themselves disinfected.

Sneaky, I know, but boy, does it work.

Do you GNU!? <http://www.gnu.org>
Be virus- and spam-free with Free/Open Source Software (FOSS). Check it out! <http://www.mozilla.org/thunderbird>

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]