[K12OSN] deny IP based on MAC address....how?

Doug Simpson simpsond at leopards.k12.ar.us
Mon Oct 4 14:20:52 UTC 2004 

Addendum. . .

If they are LTSP terminals,they are extremely unlikely to be infected so 
YMMV. . .

Doug Simpson
Technology Specialist
DeQueen Public Schools
DeQueen, AR 71832
simpsond at leopards.k12.ar.us
Tux for President!

On Mon, 4 Oct 2004, Doug Simpson wrote:

> Will not the DHCP leases file give the name of the computer?  Aren't your 
> computers named by location?
> 
> Every computer on my network (winders ones,anyway) have a name that is 
> unique and location-based.
> 
> Example:
> 
> pr15rc3 is a sample name.  That tells me it is in the Primary Building, 
> Room 15 and it is the third Reading Counts! (students) computer.
> 
> hs11t means High School Room 11, Teacher's station.
> 
> The /var/lib/dhcp/dhcpd.leases file gives the computer name, MAC address 
> and IP assignment.
> 
> Then you will know where that computer is.
> 
> I learned this by the same problem.  Name the computers by location and 
> you can find troubled ones more easily using DHCP.  Also, if you run 
> Samba, you can take that information and look at status and see who is 
> actually using that computer (who is logged in on it), so that if it is 
> and XP, you knwo who's profile to look in for virus-related files.
> 
> Doug Simpson
> Technology Specialist
> DeQueen Public Schools
> DeQueen, AR 71832
> simpsond at leopards.k12.ar.us
> Tux for President!
> 
> On Sun, 3 Oct 2004, David Trask wrote:
> 
> > Hi all,
> > 
> > I have a situation....I have an IP address that I believe is infected with
> > a worm that putting significant traffic on my network.  The IP address is
> > internal and I don't for the life of me know where it is.  I've tried
> > everything to find it.  I know the MAC address from the logs on my DHCP
> > server....what I'd like to do is prevent that MAC address from even
> > getting an IP address.   Is this possible?  I'm using an FC 1 server as my
> > DHCP server (that's all that particular server does...just DHCP).  I have
> > no desire to populate my entire dhcpd.conf file with all the MAC addresses
> > in my building....there's too many.  What I simply want to do is deny
> > giving an IP address to a particular machine (whose MAC address I
> > know)....and/or deny access to my network (from inside) to that IP
> > address.  (I've statically assigned that IP to that MAC in my dhcpd.conf
> > so I can at least track it, but now I need to shut it down)  Any ideas?
> > 
> > David N. Trask
> > Technology Teacher/Coordinator
> > Vassalboro Community School
> > dtrask at vcs.u52.k12.me.us
> > (207)923-3100
> > 
> > _______________________________________________
> > K12OSN mailing list
> > K12OSN at redhat.com
> > https://www.redhat.com/mailman/listinfo/k12osn
> > For more info see <http://www.k12os.org>
> > 
> 
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>

More information about the K12OSN mailing list