Devario Johnson asked:

kill or disable an IP address over a network

Hey guys.. I need an answer asap. How do I kill or disable an IP address over a network, using the DOS command line or other?
PsiCop

What exactly are you trying to do? If you're trying to DOS someone, we can't help you.

Or perhaps more to the point, we WON'T help you if you're trying to DOS someone.
Devario Johnson (ASKER)

NO NO NO... we are having major network problems here at work, there are viruses running wild and there are machines here on the network killing it.  We need to disable the IPs to see if we can stop this.  We already disabled the machines in the Active Directory, but the problems are still coming.  We have over 5000 machines here and we need to do it this way...thanks for any help I can get


Signed,
a frustrated part-time employee of Atlantis' IT department...
And we have only 5 technicians working PC NT so we are trying to do it remotely.....
whoa when i said DOS i mean DOS PROMPT not DoS= denial of service!!!! lol lol
The problem is trying to find them...the machines are named but they are not where they are supposed to be in terms of location.  The network is extremely big but we are on a flat network that isn't segmented.  [We are trying to upgrade soon :p]  Therefore it is highly impossible to locate the machines physically, that is the reason why we are trying to kill the IP over the network.  We have the IP address but can't find the physical machine, but we have the IP address so if we can just disable it we hope that can work....ANY SUGGESTIONS???
You could look in your router's ARP cache and find out the MAC addresses of the infected machines.  Then locate the MAC address in your switch's MAC-address-table and match it to the switch port.  Once you know what switch port it is you can administratively shut it down.

No traffic will be allowed from the infected PC to the network.
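
The IP-to-MAC-to-port lookup described above, as an added example that is not part of the original thread. It assumes Cisco IOS-style `show ip arp` and `show mac address-table` text; the sample output, the `locate` function and the `max_macs` threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of router "show ip arp" output (Cisco IOS layout assumed).
ARP_OUTPUT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.20.4.17             12   0011.2233.4455  ARPA   Vlan20
Internet  10.20.4.52              3   0011.2233.9a0b  ARPA   Vlan20
Internet  10.20.4.90              0   Incomplete      ARPA
"""
# Constructed sample of switch "show mac address-table" output.
MAC_TABLE_OUTPUT = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  20    0011.2233.4455    DYNAMIC     Gi1/0/14
  20    0011.2233.9a0b    DYNAMIC     Gi1/0/48
  20    00aa.bbcc.0001    DYNAMIC     Gi1/0/48
  20    00aa.bbcc.0002    DYNAMIC     Gi1/0/48
"""
MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
ARP_RE = re.compile(rf"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+\S+\s+({MAC})\s", re.M | re.I)
CAM_RE = re.compile(rf"^\s*\d+\s+({MAC})\s+\w+\s+(\S+)\s*$", re.M | re.I)

def locate(infected_ips, arp_text, mac_text, max_macs=1):
    """Map each IP to (mac, port, action) using the router and switch tables.

    A port that has learned more than max_macs addresses is treated as an
    uplink to another switch or hub: shutting it would cut off every host
    behind it, so the lookup has to be repeated on the downstream device.
    """
    arp = {ip: mac.lower() for ip, mac in ARP_RE.findall(arp_text)}
    mac_to_port = {mac.lower(): port for mac, port in CAM_RE.findall(mac_text)}
    macs_per_port = Counter(mac_to_port.values())
    results = {}
    for ip in infected_ips:
        mac = arp.get(ip)            # None if no complete ARP entry
        port = mac_to_port.get(mac)  # None if this switch never saw the MAC
        if port is None:
            action = "not-found"
        elif macs_per_port[port] > max_macs:
            action = "trace-downstream"
        else:
            action = "shutdown"
        results[ip] = (mac, port, action)
    return results

if __name__ == "__main__":
    for ip, row in locate(["10.20.4.17", "10.20.4.52", "10.20.4.90"],
                          ARP_OUTPUT, MAC_TABLE_OUTPUT).items():
        print(ip, *row)
```

On a DHCP network the ARP entry is only as fresh as the host's last traffic through the router, so collect both tables at the same time before acting on a port.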
ok We are on a DHCP environment and we just need the machine(s) disabled today.  I saw someone use a kill command in DOS but I can't remember what it is.  We want to do it this way because when it is disabled the person will call saying they can't use the network, that way we can find out where it is...... THANKS FOR ANY HELP!!!!
I'm increasing points !!!!!!! WE NEED HELP!!!!
Ooo....flat, unsegmented network. Bad news in your situation - there's no "border guards", no way to really control your network traffic. Every machine has uninhibited access to every other machine on the network.

Here's a solution - a bit drastic, but it may be the only practical approach. Shut down all your switches - at the port level if you can. Kill your network. Then go around machine to machine, clean/disinfect each one, apply the appropriate patches, and then bring its switch port back up and let it talk.

It's drastic, yes. It will sure as hell disrupt business operations. But given the environment you describe (100% M$, flat network, no segmenting, DHCP) it may be the only way to stop the malware spread.
Maybe you are thinking about this?

https://www.experts-exchange.com/questions/20702167/how-can-I-kill-a-network-connection-on-Windows.html

It references killing an established connection to a computer.  This will not help you though.  I would find their mac address and shut down their switch port...

Hey guys, we can't shut down business operations cuz this is Atlantis, the biggest hotel in the world.....we need another approach...PLEASE :D (sorry for sounding so demanding)
Is Wadski's idea viable? Do you have VLAN capability? If you do, his idea is as good as any.
How many physical locations are we talking about?  Is this in one building/campus or is this on a WAN?
it is on a WAN
700 locations
ok thanks for all the help right, but the bottom line comes to this....is there a command using the Dos prompt that will allow me to kill an IP address
How many locations? - you say you have 5 techs and are trying to fix this remotely. Looks like you're in a world of hurt.

As the others have indicated, individual turning off of IP addresses isn't exactly a common activity.  If these folx can't figure out a way, it's not likely there is one that will help you, so I am going in another direction here.

Do you have any kind of antivirus running?  Do you have any enterprise desktop management software, like Zen for Desktops or LanDesk Manager, that can force execution remotely?

Have you identified the virus?  Does it have a "cleaner" utility available?  Is it one that exploits specific Microsoft vulnerabilities that have been addressed in service packs or hotfixes?  Does it use any particular service?  If you have a desktop management utility, can you remotely disable services?
Ah, I think I see what you're asking now.

Since you're in a DHCP environment, try the following in a DOS box:

ipconfig /release

That will cause the TCP/IP stack to give up its IP address assignment. At this juncture, TCP/IP is loaded but not bound to a specific adapter.
yah but is there a way we can do it REMOTELY
JConchie

NO! There is no remote way to do this........you need to follow the advice of the good folks above and stop shouting....you are in a world of hurt and there is no easy way out of this ........you are going to have to id the problem machine and physically isolate it.  If you have enterprise AV running, it should identify the machine for you.  There are network mapping tools that can scan your network and match IP addresses to MAC addresses.  Beyond that, if you don't have any idea where particular machines are in your physical environment, you are going to have to isolate them one by one until you find the problem machine.

And if a virus is responsible, it is very likely that the infection has spread far beyond one machine, given your system design and apparent lack of AV resources.

http://oldlook.experts-exchange.com/questions/20781787/How-do-I-disable-an-IP.html
Do you have any remote-control software loaded on the desktops?  

Without remote-control to the desktop (which would disconnect as soon as you kill IP) or enterprise desktop management software, you have no recourse.  Without one of those tools in place, there is no remote way, as JConchie said.

When you finally get this crisis cleaned up, you need to leverage it to get funding to purchase, install and implement several enterprise tools.  Enterprise A/V.  Enterprise desktop management.  Infrastructure reconfiguration.  Improved firewalling.  Corporate standard desktop configurations with lockdowns.  WAN redundancy/failover.

Like you said earlier, you can't afford to have your network out of service.  As Ben Franklin said, "an ounce of prevention is worth a pound of cure."  That means it's cheaper to avoid a problem than to fix an avoidable problem after the fact.
ok guys thanks for the help but I guess all is lost then...we'll have to do it one by one until something gives....We have McAfee on all the machines by the way
What type of switches are you running?  You can track mac from the ip, then block the MAC on most quality switches.  Contact me if you need help with Cisco switches, others I don't know well enough to help on.
Bravo oBdA!  That sounds like the very thing!
try running shutdown.exe and pass it the ip address of the machine you want to shutdown...should be easily batched
And I thought I was understaffed......
devarioj,

When you get a chance to come up for air, a report from you on how you and your four cohorts finally dealt with this mess........and what changes you plan to make to your network as a result of this experience would be much appreciated by all of us.

We may not have been much help to you here, but your experience may be valuable to others down the line.

Thanks,
hope it has worked out.
ok guys, this is what happened....it took a very long time...but we got it down to a manageable few hundred computers distributing the virii.  We never got it eradicated though...and I have quit since then and I'm back in school...to make sure if something like that happens again, I can handle it and get a big promotion while everyone else is scratching their heads....thanks for all the help though....
ok guys here's the bottom line...because of all the help I received in this area I'm still going to award points...there's no reason why your efforts shouldn't go unrewarded...I'm bumping the points and sharing em out. :D