[K12OSN] deny IP based on MAC address....how?
Eric Harrison
eharrison at mail.mesd.k12.or.us
Mon Oct 4 01:23:58 UTC 2004
On Sun, 3 Oct 2004, Jim Hays wrote:
>
>try looking at
>
>man dhcpd
>
>and search for deny
>
>That may have the info you want.
The problem with denying that mac address is the client will eventually
give itself a 169.x.x.x address and continue to flood the network.
Depending on the setup, it may or may not still be a risk, but it
could still be chewing up bandwidth.
How about assigning it 127.0.0.1? ;-)
/etc/dhcpd.conf:

    host goaway {
        hardware ethernet 01:02:03:04:05:06; # insert mac here
        fixed-address 127.0.0.1;
    }

I've never tried this, but it at least sounds like it might work...
-Eric
>
>Quoting David Trask <dtrask at vcs.u52.k12.me.us>:
>
>> Hi all,
>>
>> I have a situation....I have an IP address that I believe is infected with
>> a worm that is putting significant traffic on my network. The IP address is
>> internal and I don't for the life of me know where it is. I've tried
>> everything to find it. I know the MAC address from the logs on my DHCP
>> server....what I'd like to do is prevent that MAC address from even
>> getting an IP address. Is this possible? I'm using an FC 1 server as my
>> DHCP server (that's all that particular server does...just DHCP). I have
>> no desire to populate my entire dhcpd.conf file with all the MAC addresses
>> in my building....there's too many. What I simply want to do is deny
>> giving an IP address to a particular machine (whose MAC address I
>> know)....and/or deny access to my network (from inside) to that IP
>> address. (I've statically assigned that IP to that MAC in my dhcpd.conf
>> so I can at least track it, but now I need to shut it down) Any ideas?
>>
>> David N. Trask
>> Technology Teacher/Coordinator
>> Vassalboro Community School
>> dtrask at vcs.u52.k12.me.us
>> (207)923-3100
>>
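
One way to check from the DHCP server's own log whether a blocked MAC is still being answered, and which address it was actually handed, after a dhcpd.conf change like the ones discussed above. This is an added example, not part of the original thread; it assumes ISC dhcpd's usual syslog message shapes, and the log lines, the host name dhcp1 and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Assumed ISC dhcpd syslog message shapes:
#   DHCPDISCOVER from <mac> via eth0
#   DHCPREQUEST for <ip> [(<server>)] from <mac> via eth0
#   DHCPOFFER / DHCPACK / DHCPNAK on <ip> to <mac> via eth0
EVENT = re.compile(
    r"dhcpd(?:\[\d+\])?: (?P<type>DHCP[A-Z]+)"
    r"(?: (?:on|for) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}))?"
    r".*? (?:from|to) (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)

def events_for(lines, mac):
    """Return (message type, ip or None) in log order for one client MAC."""
    mac = mac.lower()
    found = []
    for line in lines:
        m = EVENT.search(line)
        if m and m.group("mac").lower() == mac:
            found.append((m.group("type").upper(), m.group("ip")))
    return found

def summarize(lines, mac):
    """Count message types and report whether the server still answers this MAC."""
    ev = events_for(lines, mac)
    return {
        "counts": Counter(t for t, _ in ev),
        "acked_ips": sorted({ip for t, ip in ev if t == "DHCPACK"}),
        "still_served": any(t in ("DHCPOFFER", "DHCPACK") for t, _ in ev),
    }

# Constructed sample lines; the MAC is the placeholder used in the post.
MAC = "01:02:03:04:05:06"
BEFORE = [  # log excerpt from before the config change
    "Oct  3 17:58:01 dhcp1 dhcpd: DHCPDISCOVER from 01:02:03:04:05:06 via eth0",
    "Oct  3 17:58:02 dhcp1 dhcpd: DHCPOFFER on 192.168.1.57 to 01:02:03:04:05:06 via eth0",
    "Oct  3 17:58:02 dhcp1 dhcpd: DHCPREQUEST for 192.168.1.57 (192.168.1.1) from 01:02:03:04:05:06 via eth0",
    "Oct  3 17:58:02 dhcp1 dhcpd: DHCPACK on 192.168.1.57 to 01:02:03:04:05:06 via eth0",
    "Oct  3 17:58:09 dhcp1 dhcpd: DHCPACK on 192.168.1.80 to 00:0a:0b:0c:0d:0e via eth0",
]
AFTER = [  # excerpt from after the change: requests logged, no reply to this MAC
    "Oct  3 18:30:11 dhcp1 dhcpd: DHCPDISCOVER from 01:02:03:04:05:06 via eth0",
    "Oct  3 18:30:19 dhcp1 dhcpd: DHCPDISCOVER from 01:02:03:04:05:06 via eth0",
    "Oct  3 18:30:40 dhcp1 dhcpd: DHCPACK on 192.168.1.80 to 00:0a:0b:0c:0d:0e via eth0",
]

if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after", AFTER)):
        print(label, summarize(log, MAC))
```

A non-empty acked_ips in the post-change excerpt shows which address the server really gave the client, whatever the host declaration was meant to do.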