[K12OSN] deny IP based on MAC address....how?
"Terrell Prudé, Jr."
microman at cmosnetworks.com
Mon Oct 4 02:32:54 UTC 2004
David Trask wrote:
>Hi all,
>
>I have a situation....I have an IP address that I believe is infected with
>a worm that putting significant traffic on my network. The IP address is
>internal and I don't for the life of me know where it is. I've tried
>everything to find it. I know the MAC address from the logs on my DHCP
>server....what I'd like to do is prevent that MAC address from even
>getting an IP address. Is this possible? I'm using an FC 1 server as my
>DHCP server (that's all that particular server does...just DHCP). I have
>no desire to populate my entire dhcpd.conf file with all the MAC addresses
>in my building....there's too many. What I simply want to do is deny
>giving an IP address to a particular machine (whose MAC address I
>know)....and/or deny access to my network (from inside) to that IP
>address. (I've statically assigned that IP to that MAC in my dhcpd.conf
>so I can at least track it, but now I need to shut it down) Any ideas?
>
>David N. Trask
>Technology Teacher/Coordinator
>Vassalboro Community School
>dtrask at vcs.u52.k12.me.us
>(207)923-3100
>
>
We run into this exact issue all the time. You've got Amer.com
switches, right? You can block that MAC address in the switch, at their
switch port. Thus, if they try statically assigning themselves an IP
address, it won't matter. :-) Of course, they could go walking around
till they find a drop that doesn't block them (we have people do this
all the time). So, you also block their MAC at the right Gigabit trunk,
i. e. the one right before you get to the segment with the
router/important servers, and they can't do nada! Then they *have* to
come to you and get themselves disinfected.
Sneaky, I know, but boy, does it work.
--TP
_____________________
Do you GNU!? <http://www.gnu.org>
Be virus- and spam-free with Free/Open Source Software (FOSS). Check it
out! <http://www.mozilla.org/thunderbird>
More information about the K12OSN
mailing list