Question

kill or disable an IP address over a network

Asked by: devarioj

Hey guys.. I need an aswer asap,  How do I kill or disable an IP address over a network, using the dos command line or other?

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2003-10-29 at 07:57:09ID20781820
Tags

ip

Topics

Miscellaneous Networking

,

Dynamic Host Configuration Protocol (DHCP)

,

Domain Name Service (DNS)

Participating Experts
12
Points
500
Comments
37

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. How to kill screensaver....
    I think this is a fairly easy question but I dont have the time to look into it myself at the moment so I'll put 75 points on it.... I have a small little app running on NT systems that allows the user to enter 8 times (ie 8:00,8:35,etc.) and then flashes on the screen a win...
  2. Killing an IP in a IP Masq system
    I am running a linux box (currently using 2.0.36 kernal) using IP Masquerading to serve my living group with internet service from a cable modem. Now I need to be able to make a few address ranges in our subnet unable to access the internet. Is there a fairly simple way to ki...
  3. Kill process
    Main question : how to kill a process (Delphi 5 or 7(as U want) , XP ) Origin : I use Firebird Classic as DB. For each connection, a new firebird process is created on the server. this would not be a problem, except when the Client lose the connection for any resaon (ha...
  4. Service Pack 2 killed my wireless...
    Service Pack 2 killed my wireless... After installing SP2 for XP I can no longer connect to my wireless network. I turned off the firewall after and rebooted. Still no connectivity. When I uninstall SP2 all is well again and I can connect fine, so I know there is nothing ...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: PsiCopPosted on 2003-10-29 at 08:01:02ID: 9642874

What exactly are you trying to do? If you're trying to DOS someone, we can't help you.

 

by: PsiCopPosted on 2003-10-29 at 08:01:27ID: 9642881

Or perhaps more to the point, we WON'T help you if you're trying to DOS someone.

 

by: devariojPosted on 2003-10-29 at 08:05:41ID: 9642919

NO NO NO... we are having major network problems here at work, there are viruses running wild and there are machines here on the network killing it.  We need to disble the IP's to see if we can stop this.  We already disbled the machines in the active directory, but the problems are still coming.  we have over 5000 machines here and we need to do it this way...thank for any help I can get


        signed
a frustrated part time emplyee of Atlantis' IT department...

 

by: devariojPosted on 2003-10-29 at 08:07:13ID: 9642933

And we have ony 5 technitians working PC NT so we are trying to do it remotely.....

 

by: devariojPosted on 2003-10-29 at 08:19:00ID: 9643038

whoa when i said DOS i mean DOS PROMPT not DoS= denial of service!!!! lol lol

 

by: JFrederick29Posted on 2003-10-29 at 08:20:09ID: 9643048

Physically remove them from the network...pull the network cable out of the infected machines.  Then while they are disconnected from the network you can patch them and clean the viruses.

Once the machines are clean and patched, plug them back into the network.

If you can't get to the machine phsyically...

You could shut down their switch port remotely but of course you would have to know which port they are attached to...

 

by: PsiCopPosted on 2003-10-29 at 08:20:38ID: 9643052

Oh, well, your problem is you're running a buggy, virus-ridden piece of garbage OS from Redmond.

But knowing that doesn't immediately help you, so let's see what we can do to shield you from the folly of whoever was stupid enough to have your entire business enterprise rely on Windoze.

Have you identified the virus? Do you know HOW it is moving around your network?

Do you have any firewalls with which you can isolate it?

If you've identified it, is there a patch available, and what patch deployment tools do you have available?

There's no real way to "disable" an IP address. You can DOS the machine using that address, crash its IP stack and it will quit talking. If you have a sufficiently sophisticated network infrastructure, you can isolate the infected machines at their local switch. If you're in a flat IP space and using static IP addressing, you could have uninfected machines steal the IP addresses of the infected ones. If you're in a DHCP environment, you could have the DHCP server refuse to lease an address to a MAC address that you have identified as an infected machine (you still are stuck with the issue of how to cancel their existing lease).

There are a number of ways to approach your situation, and the determination of what approach is most effective depends a lot of exactly how your network infrastructure is designed and built and what tools you have at your disposal. Without knowing a lot more, its difficult to be more specific.

Long term, perhaps this experience will serve as a business case for moving AWAY from a 100% Micro$oft environment. For your NOS, take a look at NetWare v6.5 (http://www.novell.com/netware). For desktop management and directory-enabled patch deployment, look at Novell ZENworks (http://www.novell.com/zenworks).

 

by: devariojPosted on 2003-10-29 at 08:25:36ID: 9643092

the problem is trying to find them...the macines are named but they are not where they are supposed to be in terms of location.  The networks is extemely big but we are on a flat network that isnt segmented.  [We are trying to upgrade soon :p]  therefore it is highly impossible to locate the macines physically, that is the reason why we are trying to kill the IP over the network.  We ahve the IP address but cant find the physical machine, but we have the IP address so If we can just disable it we hope that can work....ANY SUGGESTIONS???

 

by: JFrederick29Posted on 2003-10-29 at 08:34:18ID: 9643157

You could look in your routers ARP cache and find out the MAC address's of the infected machines.  Then locate the MAC address in your switch's MAC-address-table and match it to the switch port.  Once you know what switch port it is you can administratively shut it down.

No traffic will be allowed from the infected PC to the network.

 

by: devariojPosted on 2003-10-29 at 08:35:51ID: 9643174

ok We are on a DHCP environment and we just need the machine(s) disabled today.  i saw someoen use  a kill comand in dos but I cant remember what it is.  We want to do it this way because when it is disabled the person will call saying they cant use the network that way we can find out where it is...... THANKS FOR ANY HELP!!!!

 

by: devariojPosted on 2003-10-29 at 08:41:35ID: 9643226

im increasin points !!!!!!! WE NEED HELP!!!!

 

by: PsiCopPosted on 2003-10-29 at 08:46:51ID: 9643289

Ooo....flat, unsegmented network. Bad news in your situation - there's no "border guards", no way to really control your network traffic. Every machine has uninhibited access to every other machine on the network.

Here's a solution - a bit drastic, but it may be the only practical approach. Shut down all your switches - at the port level if you can. Kill your network. Then go around machine to machine, clean/disinfect each one, apply the appropriate patches, and then bring its switch port back up and let it talk.

Its drastic, yes. It will sure as hell disrupt business operations. But given the environment you describe (100% M$, flat network, no segmenting, DHCP) it may be the only way to stop the malware spread.

 

by: JFrederick29Posted on 2003-10-29 at 08:47:29ID: 9643296

Maybe you are thinking about this?

http://www.experts-exchange.com/Operating_Systems/Q_20702167.html

It references killing an established connection to a computer.  This will not help you though.  I would find their mac address and shut down their switch port...

 

by: WadskiPosted on 2003-10-29 at 08:51:32ID: 9643348

use Command Prompt to message each machine in turn asking them to ring you.  Get as physical location for the machine and then isolate it on a VLAN and check its behaving.  Move onto next machine until everything is on new VLAN.  

Then remove VLAN and buy some AV software.

 

by: devariojPosted on 2003-10-29 at 09:02:51ID: 9643483

Hey guy we cant shut down business operations cuz this is Atlantis the biggest hotel in the world.....we need another approach...PLEASE :D (sorry for sounding so demanding)

 

by: PsiCopPosted on 2003-10-29 at 09:04:49ID: 9643504

Is Wadski's idea viable? Do you have VLAN capability? If you do, his idea is as good as any.

 

by: ShineOnPosted on 2003-10-29 at 09:12:35ID: 9643587

How many physical locations are we talking about?  Is this in one building/campus or is this on a WAN?

 

by: devariojPosted on 2003-10-29 at 09:20:25ID: 9643658

it is on a WAN

 

by: devariojPosted on 2003-10-29 at 09:23:26ID: 9643680

700 locations

 

by: devariojPosted on 2003-10-29 at 09:24:40ID: 9643694

ok thanks for all the help right, but the bottom line comes to this....is there a command using the Dos prompt that will allow me to kill an IP address

 

by: ShineOnPosted on 2003-10-29 at 09:26:10ID: 9643705

How many locations? - you say you have 5 techs and are trying to fix this remotely. Looks like you're in a world of hurt.

As the others have indicated, individual turning off of IP addresses isn't exactly a common activity.  If these folx can't figure out a way, it's not likely there is one that will help you, so I am going in another direction here.

Do you have any kind of antivirus running?  Do you have any enterprise desktop management software, like Zen for Desktops or LanDesk Manager, that can force execution remotely?

Have you identified the virus?  Does it have a "cleaner" utility available?  Is it one that exploits specific Microsoft vulnerabilities that have been addressed in service packs or hotfixes?  Does it use any particular service?  If you have a desktop management utility, can you remotely disable services?

 

by: PsiCopPosted on 2003-10-29 at 09:38:26ID: 9643818

Ah, I think I see what you're asking now.

Since you're in a DHCP environment, try the following in a DOS box:

ipconfig /release

That will cause the TCP/IP stack to give up its IP address assignment. At this juncture, TCP/IP is loaded but not bound to a specific adapter.

 

by: devariojPosted on 2003-10-29 at 09:41:57ID: 9643833

yah but is there a way we can do it REMOTELY

 

by: JConchiePosted on 2003-10-29 at 09:54:57ID: 9643928

NO! There is no remote way to do this........you need to follow the advise of the good folks above and stop shouting....you are in a world of hurt and there is no easy way out of this ........you are going to have to id the problem machine and pyhsically isolate it.  If you have enterprise AV running, it should identify the machine for you.  There are network mapping tools that can scan your network and match ip addresses to mac addresses.  Beyond that, if you don't have any idea where particular machines are in your physical environment, you are going to have to isolate them one-by one until you find the problem machine.

And if a virus is responsible, it is very likely that the infection has spread far beyond one machine, given your system design and apparent lack of AV resources.

http://oldlook.experts-exchange.com/Networking/WinNT_Networking/Q_20781787.html

 

by: ShineOnPosted on 2003-10-29 at 10:11:31ID: 9644054

Do you have any remote-control software loaded on the desktops?  

Without remote-control to the desktop (which would disconnect as soon as you kill IP) or enterprise desktop management software, you have no recourse.  Without one of those tools in place, there is no remote way, as JConchie said.

When you finally get this crisis cleaned up, you need to leverage it to get funding to purchase, install and implement several enterprise tools.  Enterprise A/V.  Enterprise desktop management.  Infrastructure reconfiguration.  Improved firewalling.  Corporate standard desktop configurations with lockdowns.  WAN redundancy/failover.

Like you said earlier, you can't afford to have your network out of service.  As Ben Franklin said, "an ounce of prevention is worth a pound of cure."  That means it's cheaper to avoid a problem than to fix an avoidable problem after the fact.

 

by: devariojPosted on 2003-10-29 at 10:34:17ID: 9644225

ok guys thanks for the help but I guess all is lost then...well have to do it one by one until something gives....We have mcgafee on all the machines by the way

 

by: oBdAPosted on 2003-10-29 at 13:46:07ID: 9645814

Try solving it using the logon script.
Create a list with your bad IP addresses (one IP per line). Put it into your netlogon share. Put logoff.exe and sleep.exe from the resource kit in the netlogon share as well.
Put the script below at the beginning of your logon script.
If the machine that the user uses to log on has a "bad" IP, it will display the message asking the user to report in, and log the user right back off after two minutes.
When the user calls, note his whereabouts and his IP. To enable him to work again, simply delete his IP from the bad list. Once the list is empty, you have the position all the machines.

====8<----[logon.cmd]----
@echo off
setlocal
set BadIPList=%LogonServer%\netlogon\badip.txt
for /f "tokens=2 delims=:" %%a in ('ipconfig ^| find /i "IP Address"') do set IP=%%a
set IP=%IP: =%
type "%BadIPList%" | find "%IP%" >NUL
if errorlevel 1 goto logon
net send %ComputerName% "Your computer (%IP%) is virus infected. Please call help desk at 555-5555 *immediately*. You will only be able to log on after you report in."
%logonserver%\netlogon\sleep.exe 120
%logonserver%\netlogon\logoff.exe /f /n

:logon
:: *** Put your regular logon script here:
====8<----[logon.cmd]----

 

by: learathPosted on 2003-10-29 at 13:55:34ID: 9645879

What type of switches are you running?  You can track mac from the ip, then block the MAC on most quality switches.  Contact me if you need help with Cisco switches, others I don't know well enough to help on.

 

by: JConchiePosted on 2003-10-29 at 14:31:53ID: 9646110

Bravo oBdA!  That sounds like the very thing!

 

by: cooleditPosted on 2003-10-29 at 14:45:00ID: 9646210

first thing to do kill (stop all running servers) SMTP espacially

 

by: GRiTechPosted on 2003-10-29 at 14:47:27ID: 9646223

Have you tried nbtstat -A xxx.xxx.xxx.xxx   where xxx is IPAdress   this should throw up the name of the person logged onto PC/s, who can then be contacted.

 

by: stevenlewisPosted on 2003-10-29 at 16:27:16ID: 9646747

Bottom line is there is no easy way to fix this
your IT manager should be flogged LOL
You say you are using Mcafee, definitions up to date?
What virus/virii are we dealing with?
check into lansurveyor
http://www.neon.com/gglls.html

 

by: n0cPosted on 2003-10-29 at 17:33:32ID: 9647006

try running shutdown.exe and pass it the ip address of the machine you want to shutdown...should be easily batched

 

by: WiiredPosted on 2003-11-04 at 16:48:53ID: 9683507

And I thought I was understaffed......

 

by: JConchiePosted on 2003-11-04 at 16:56:46ID: 9683550

devarioj,

When you get a chance to come up for air, a report from you on how you and your four cohorts finally dealt with this mess........and what changes you plan to make to your network as a result of this experience would be much appreciated by all of us.

We may not have been much help to you here, but your experience may be valuable to others down the line.

Thanks,
hope it has worked out.

 

by: devariojPosted on 2004-06-11 at 12:32:26ID: 11291877

ok guys, this is what happened....it took a very long time...but we got it down to a managable few hundred computers distributing the virii.  We never got it eradicated though...and I have quit since then and im back in school...to make sure if omething like that happens again, I can handle it and get a big promotion while eveyone else is scratching thier heads....thanks for all the help though....

 

by: devariojPosted on 2004-06-23 at 23:35:03ID: 11385961

ok guys here's the bottom line...becauses of all the help i recieved in this area im still going to award points...there's no reason why your efforts shouldnt go unrewarded...im bumping the points and sharing em out. :D

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...