[david-uk]

Hi. Any one know how to block a MAC address from DHCP or through other means? I got a guy who is connecting a laptop at all sorts of odd times to my network. Unfortunately he is also using a fixed IP address which clashes with my file server. I have his laptop’s MAC address but nothing else and I need to block him through his MAC only. Is there any way of doing this through either DHCP or other software? I also tried blocking him on the switches. I use HP Procurve intelligent switches but can not find any options on their setup menus to block a MAC address. Any ideas?

[PeterDV]

Usually it's set in the switch. (manual?? )
But I don't think there is a way to do that without 3rd party software in a windows environment (enlighten me pls )

I think you should play this via management and enforce a security policy and persuade that guy to use dynamic ip "or else" .. just my 2ct.

[666]

Here's how to block a MAC address with Sygate: http://www.isaserver.org/articles/blockbymac.html

If the intruder changes his MAC address to bypass your blacklist you can start all over again. Plenty of network cards that let you enter your favorite MAC address. And if you run a Google search for MAC address spoofing you'll pick up things like http://www.gorlani.com/publicprj/mac.../macmakeup.asp .

If your network is not too big it may be more effective to make a whitelist of allowed MAC addresses and block everything else with a (software) firewall or a router. If the intruder can spoof a MAC address on your whitelist he can still get in.

Check out http://www.net-security.org/article.php?id=364 . MAC address blocking may not be enough.

[tonyyeb]

How about smashing the laptop around this guys head!! He is creating a HUGE risk to your network particulary if he is picking IP addresses that clash with servers! If it was me i'd give hime a big slap and threaten to take away his laptop under the companies security policy... (if you dont have a security policy then write one... and include the ability to physically abuse staff with their unauthorised hardware!)

[wullieb1]

I would take his laptop from him.

This may be easier though. Stick him in his own ou and create a GPO that restricts access to his network connections.

User Configuration/Administrative Templates/Network/Network Connections

Set the Prohibit access to properties of a LAN Connection to be enabled.

Change his IP to DHCP then apply the GPO to his OU.

[tonyyeb]

But if this laptop is the guys own laptop then he wont be logging onto the network... so no GPO will be applied. Plus how will the GPO stop him from setting the IP address of his network card the same as a server. It will cause havoc moments after starting to boot.

This needs to be done at switch level really. Using VLANs would work but that needs switches with VLAN capability.

[wullieb1]

Quote:

Originally Posted by tonyyeb

But if this laptop is the guys own laptop then he wont be logging onto the network... so no GPO will be applied. Plus how will the GPO stop him from setting the IP address of his network card the same as a server. It will cause havoc moments after starting to boot.

This needs to be done at switch level really. Using VLANs would work but that needs switches with VLAN capability.

It doesn't say that it is his own laptop but i can see where your coming from.

Actually the GPO will stop him showing the properties of the card thus he can't change his IP address.

How does he manage to get the laptop connected??

Is he physically connected to your network or is he hacking in??

I would still have a word with either him or his manager and TELL not ask him to stop.

[david-uk]

Guys,

You got this all wrong. I dont have a clue in hell who this guy is. If you read my original message you will see i said i only have his MAC address. The IP address he uses is fixed and clashes with my File server. All I know is some guy brings a laptop and connects somewhere in my campus to my network at odd times through available network sockets. If i could find him and know who he was i would ban him imediately through AD. I dont have a clue who he is, and when or where he will next plug his laptop in. Ok enough of that. I have found a way of blocking him by MAC address through the Procurve switches using VLANS. Thanks for all the replies anyway. David.

[666]

Quote:

Originally Posted by david-uk

I dont have a clue in hell who this guy is. If you read my original message you will see i said i only have his MAC address.

So maybe it's a girl with a laptop on her lap and you don't know her MAC address? Or is it a guys-only campus?

Anyway, your blocking method only works if he/she doesn't change his/her network card MAC address. Maybe you should change your network setup and require people to use a username and password? Looks like your current setup doesn't stop anyone from plugging anything (laptops, wireless routers, etc.) into any network socket. Maybe someone already did...