Avatar of Manojtanwar
Manojtanwar asked on

how to block user to use static ip

Sir,

we have one lease line with 25 static ip. we give one user to one static ip 59.145.197.45 these user have also 3 more pc. now thise user take 46 static ip also because this ip is not in use can stop this user to take static ip

thanks
manoj
Networking ProtocolsNetwork Management

Avatar of undefined
Last Comment
Member_2_4694817

8/22/2022 - Mon
Member_2_4694817

The ip given belongs to the APNIC range 59.145.197.0 - 59.145.197.63
Are there any further network subdivisions and routers in place?
At which points do you have control?
Using static arp entries at the parent router might help...
ASKER
Manojtanwar

sir we dont have router we get a lan wire from service provider and these static IP can i restrict them. if router needed which router is required pls specify model if possible tell cisco router model

thanks

Member_2_4694817

Well, about any router would do.
However, if you get a lan wire which serves the complete net range, you'd cut off the back routes, so an internal router is not really an option..
But you *do* have a firewall, don't you?
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
ASKER
Manojtanwar

Dear sir
we dont have firewall yet. pls suggest me which firewall is good. how to use this firewall to block this type of incident.

thanks
Member_2_4694817

Are you serious? I'm almost panicking...
Indeed, I see several MS windows machines which are blocking access to the windows typical ports 135, 137-139, 445 (in fact this is what makes me think they are windows in the first place, but see below). But others have telnet, http, printer ports,vnc and more.
In fact the Exchange server dhbvnlm.DHBVNL.local has 32(!) ports open to the internet.

At one of the IPs you seem to have a D-Link router (or D-Link webcam?) and at one a ML-3050 Series printer (name: SEC00159926E72C), so apparently not all machines are Windows boxes. However, do yuo really want the world to access all your resources (I just produced a demo page on the ML-3050 to show you how seriously open your net is; this required no cracking at all, just clicking through a publicly available web page without the slightest "don't do that" notes or other obstacles) - and also the CLX3160FN invites everybody to upload arbitrary print file

If you really don't have a firewall, I'd bet that at least some of your hosts are seriously infected.
Leaving a net open like this without a  firewall is ver dangerous!
ASKER
Manojtanwar

dear sir

thanks for your help. now please tell me how can i stop this which firewall i have to use. pls tell me in detail and how can u print the test page without my id and password of computer.

thanks
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
Manojtanwar

Dear sir
now i have changed the settings pls give me self print command from outside pls do it and let me know

thanks
Member_2_4694817

The printers have web interfaces from which a lot can be done. And of course they also act as network print servers. If you don' t need them accessible from outside, you may want do reconfigure the network settings and simply remove the default gateway.
This is of course no replacement for a firewall. In my opinion *any* firewall will do (esp. any firewall is better than no firewall). I personally usually use linux vased software firewalls like ipCop or shorewall. But you can also get appliances. However, maybe someone else can jump in for recommendations.
Bill Bach

Q: What firewall is better than no firewall?
A: ANY firewall is better than no firewall!

In short -- it doesn't matter.  If you like Cisco equipment, then look at a PIX.  If you like SonicWall (my favorite), then look at them.  Or get a DLink.  Or a NetGear.  Or a WatchBox.  It doesn't matter -- just get SOMETHING!  

Each manufacturer will have various models, depending on the size of the network, the number of concurrent users, the link speed, and the performance, and some even come with additional features link VPN, SSLVPN, wireless gateways, and more.  Look for something that provides easy management capability (one of the reason I like SonicWall), along with any other features you need.  Start with the SonicWall TZ180, TZ190 or TZ210 lines for smaller sites, or look at their larger boxes for larger sites.

A firewall does a few basic things.  First, it protects access to your network from the big, bad, outside world, only allowing ports that you specifically open up to that world.  This prevents people from doing nasty things (like using up all the paper in your printer).  Another thing it does is provide additional protection via Network Address Translation (NAT), which provides for a local set of network addresses, and a LIMITED set of public addresses.  As such, you can define exactly which public addresses should be used, and to which computers they should be assigned.  Everyone else gets a "private" network address and is therefore inaccessible from the public 'Net.  This should address your original problem of taking up too many public addresses, too.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
ASKER
Manojtanwar

Dear thehagman
if i remove defualt gateway then how can i use internet.
ASKER CERTIFIED SOLUTION
Member_2_4694817

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question