[K12OSN] deny IP based on MAC address....how?
Christopher K. Johnson
ckjohnson at gwi.net
Mon Oct 4 02:20:19 UTC 2004
Jim Hays wrote:
>try looking at
>man dhcpd
>and serch for deny
>That may have the info you want.
>
>
>Quoting David Trask <dtrask at vcs.u52.k12.me.us>:
>
>
>
>>Hi all,
>>
>>I have a situation....I have an IP address that I believe is infected with
>>a worm that putting significant traffic on my network. The IP address is
>>internal and I don't for the life of me know where it is. I've tried
>>everything to find it. I know the MAC address from the logs on my DHCP
>>server....what I'd like to do is prevent that MAC address from even
>>getting an IP address. Is this possible? I'm using an FC 1 server as my
>>DHCP server (that's all that particular server does...just DHCP). I have
>>no desire to populate my entire dhcpd.conf file with all the MAC addresses
>>in my building....there's too many. What I simply want to do is deny
>>giving an IP address to a particular machine (whose MAC address I
>>know)....and/or deny access to my network (from inside) to that IP
>>address. (I've statically assigned that IP to that MAC in my dhcpd.conf
>>so I can at least track it, but now I need to shut it down) Any ideas?
>>
>>
You can also get a clue what the machine is named, or even perhaps who
is logged onto it:
nmblookup -r -A ip_addr_you_assigned
Chris
--
-----------------------------------------------------------
"Spend less! Do more! Go Open Source..." -- Dirigo.net
Chris Johnson, RHCE #807000448202021
More information about the K12OSN
mailing list