
Block Unauthorized Computer

microsoft.public.windows.server.security
Posted by Dave Mackler on October 31, 2007, 11:06 am
My servers are Server 2003, SP2. I have DHCP running well. I noticed a
computer name in the Address list of the DHCP server that is not a computer
that belongs to our company. All I have is the computer name and MAC
address, which DHCP catches.

How can I block or prohibit this computer from getting an IP address or
from using our network for whatever purpose??

dave Admin




Posted by Anthony on October 31, 2007, 11:34 am
Hi Dave,
You have to use some form of network access control. There are different ways
to do this:
- MAC address restrictions on the switch
- some form of authentication or validation, e.g. Cisco NAC. Also WS2008 has
features for this.
Anthony, http://www.airdesk.co.uk



> My servers are Server 2003, SP2. I have DHCP running well. I noticed a
> computer name in the Address list of the DHCP server that is not a
> computer that belongs to our company. All I have is the computer name and
> MAC address, which DHCP catches.
>
> How can I block or prohibit this computer from getting an IP address or
> from using our network for whatever purpose??
>
> dave Admin
>
>



Posted by Martin X. on October 31, 2007, 11:49 am
Off the top of my head, perhaps you can reserve a "bad" IP address for the
rogue system. I'm not sure if you can do this, but give it an IP address in
a different subnet, that way it will not be able to communicate with any
systems at all on your network. You can try experimenting with this on a
test system. Let me know how you make out.

--
Regards,
Martin X.
MCSA: M


> My servers are Server 2003, SP2. I have DHCP running well. I noticed a
> computer name in the Address list of the DHCP server that is not a computer
> that belongs to our company. All I have is the computer name and MAC
> address, which DHCP catches.
>
> How can I block or prohibit this computer from getting an IP address or
> from using our network for whatever purpose??
>
> dave Admin





Posted by Danny Sanders on October 31, 2007, 3:44 pm
You could also disconnect any unused jacks at the patch panel so when they
plug the computer into an unused jack, they can't get anywhere.

hth
DDS

> Off the top of my head, perhaps you can reserve a "bad" IP address for the
> rogue system. I'm not sure if you can do this, but give it an IP address in
> a different subnet, that way it will not be able to communicate with any
> systems at all on your network. You can try experimenting with this on a
> test system. Let me know how you make out.
>
> --
> Regards,
> Martin X.
> MCSA: M
>
>
> My servers are Server 2003, SP2. I have DHCP running well. I noticed a
> computer name in the Address list of the DHCP server that is not a computer
> that belongs to our company. All I have is the computer name and MAC
> address, which DHCP catches.
>
> How can I block or prohibit this computer from getting an IP address or
> from using our network for whatever purpose??
>
> dave Admin
>
>
>
>



Posted by DevilsPGD on October 31, 2007, 4:59 pm

>You could also disconnect any unused jacks at the patch panel so when they
>plug the computer into an unused jack, they can't get anywhere.

This will only cause a minimal slowdown if the unauthorized computer is
malicious rather than an accident -- All it takes is a cheapo hub/switch
to get connected. I had one at one point that was USB powered.

You can go a step further and lock down a one to one ratio between ports
and MAC addresses, and automatically kill the port if an unauthorized
MAC address shows up (many data centers do this, SOHO gear cannot).

This raises the bar substantially, although it is entirely possible for
a stateful NAT box to sit between a legitimate machine and the network,
fake the correct MAC addresses on both sides, and still insert its own
traffic into the WAN side of the NAT box (the LAN), effectively
"sharing" the IP of the client PC.

This is well beyond what is likely happening here, chances are that this
situation is just someone who brought a home laptop in and plugged in.

--
You can get more with a kind word and a 2x4 than just a kind word.
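
The one-to-one port/MAC lockdown described in the last post, sketched as an audit over a switch's learned addresses. This is an added example, not part of the original thread; the port names, MAC addresses and the `audit_ports` helper are constructed for illustration.

```python
import re
from collections import defaultdict

def normalize_mac(raw):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return digits

# Constructed inventory: each switch port is bound to exactly one MAC.
PORT_BINDINGS = {
    "Fa0/1": "00-11-22-AA-BB-01",
    "Fa0/2": "00:11:22:aa:bb:02",
    "Fa0/3": "0011.22aa.bb03",
}

# Constructed observations: (port, source MAC) pairs as a switch learns them.
OBSERVED = [
    ("Fa0/1", "00:11:22:AA:BB:01"),
    ("Fa0/2", "00:11:22:AA:BB:02"),
    ("Fa0/2", "00:de:ad:00:00:99"),  # second device behind a small hub
    ("Fa0/3", "00:de:ad:00:00:42"),  # different machine on a bound port
    ("Fa0/7", "00:de:ad:00:00:07"),  # port with no binding at all
]

def audit_ports(bindings, observed):
    """Return {port: reason} for every port that should be disabled."""
    allowed = {port: normalize_mac(mac) for port, mac in bindings.items()}
    seen = defaultdict(set)
    for port, mac in observed:
        seen[port].add(normalize_mac(mac))
    violations = {}
    for port, macs in sorted(seen.items()):
        if port not in allowed:
            violations[port] = "unbound port in use"
        elif macs - {allowed[port]}:
            extra = sorted(macs - {allowed[port]})
            violations[port] = "unauthorized MAC " + ", ".join(extra)
    # A device that presents the bound MAC passes this check, which is
    # the limitation the post above points out.
    return violations

if __name__ == "__main__":
    for port, reason in audit_ports(PORT_BINDINGS, OBSERVED).items():
        print(f"{port}: disable ({reason})")
```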
