Link to home
Start Free TrialLog in
Avatar of Manojtanwar
Manojtanwar

asked on

how to block user to use static ip

Sir,

we have one lease line with 25 static ip. we give one user to one static ip 59.145.197.45 these user have also 3 more pc. now thise user take 46 static ip also because this ip is not in use can stop this user to take static ip

thanks
manoj
Avatar of Member_2_4694817
Member_2_4694817

The ip given belongs to the APNIC range 59.145.197.0 - 59.145.197.63
Are there any further network subdivisions and routers in place?
At which points do you have control?
Using static arp entries at the parent router might help...
Avatar of Manojtanwar

ASKER

sir we dont have router we get a lan wire from service provider and these static IP can i restrict them. if router needed which router is required pls specify model if possible tell cisco router model

thanks

Well, about any router would do.
However, if you get a lan wire which serves the complete net range, you'd cut off the back routes, so an internal router is not really an option..
But you *do* have a firewall, don't you?
Dear sir
we dont have firewall yet. pls suggest me which firewall is good. how to use this firewall to block this type of incident.

thanks
Are you serious? I'm almost panicking...
Indeed, I see several MS windows machines which are blocking access to the windows typical ports 135, 137-139, 445 (in fact this is what makes me think they are windows in the first place, but see below). But others have telnet, http, printer ports,vnc and more.
In fact the Exchange server dhbvnlm.DHBVNL.local has 32(!) ports open to the internet.

At one of the IPs you seem to have a D-Link router (or D-Link webcam?) and at one a ML-3050 Series printer (name: SEC00159926E72C), so apparently not all machines are Windows boxes. However, do yuo really want the world to access all your resources (I just produced a demo page on the ML-3050 to show you how seriously open your net is; this required no cracking at all, just clicking through a publicly available web page without the slightest "don't do that" notes or other obstacles) - and also the CLX3160FN invites everybody to upload arbitrary print file

If you really don't have a firewall, I'd bet that at least some of your hosts are seriously infected.
Leaving a net open like this without a  firewall is ver dangerous!
dear sir

thanks for your help. now please tell me how can i stop this which firewall i have to use. pls tell me in detail and how can u print the test page without my id and password of computer.

thanks
Dear sir
now i have changed the settings pls give me self print command from outside pls do it and let me know

thanks
The printers have web interfaces from which a lot can be done. And of course they also act as network print servers. If you don' t need them accessible from outside, you may want do reconfigure the network settings and simply remove the default gateway.
This is of course no replacement for a firewall. In my opinion *any* firewall will do (esp. any firewall is better than no firewall). I personally usually use linux vased software firewalls like ipCop or shorewall. But you can also get appliances. However, maybe someone else can jump in for recommendations.
Avatar of Bill Bach
Q: What firewall is better than no firewall?
A: ANY firewall is better than no firewall!

In short -- it doesn't matter.  If you like Cisco equipment, then look at a PIX.  If you like SonicWall (my favorite), then look at them.  Or get a DLink.  Or a NetGear.  Or a WatchBox.  It doesn't matter -- just get SOMETHING!  

Each manufacturer will have various models, depending on the size of the network, the number of concurrent users, the link speed, and the performance, and some even come with additional features link VPN, SSLVPN, wireless gateways, and more.  Look for something that provides easy management capability (one of the reason I like SonicWall), along with any other features you need.  Start with the SonicWall TZ180, TZ190 or TZ210 lines for smaller sites, or look at their larger boxes for larger sites.

A firewall does a few basic things.  First, it protects access to your network from the big, bad, outside world, only allowing ports that you specifically open up to that world.  This prevents people from doing nasty things (like using up all the paper in your printer).  Another thing it does is provide additional protection via Network Address Translation (NAT), which provides for a local set of network addresses, and a LIMITED set of public addresses.  As such, you can define exactly which public addresses should be used, and to which computers they should be assigned.  Everyone else gets a "private" network address and is therefore inaccessible from the public 'Net.  This should address your original problem of taking up too many public addresses, too.
Dear thehagman
if i remove defualt gateway then how can i use internet.
ASKER CERTIFIED SOLUTION
Avatar of Member_2_4694817
Member_2_4694817

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial