  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 488

How to block a device on the network

I have an unidentified device pulling an IP address off and on - throughout the day (likely a smart-phone) and want to temporarily prevent it from pulling an address so I can determine whose it is. All I have is the MAC address. Could I do this via my firewall (SonicWall) or via my DHCP server settings? Thanks.
0
LTWadmin
2 Solutions
 
godd31 Commented:
You may want to look at your router: log in to the router's configuration page and see if you can block that MAC address from obtaining a valid IP. Assuming this is a home computer and you have full access to that equipment...
0
 
fluk3d Commented:
If you have the MAC address you can do an OUI lookup and it should tell you the manufacturer of the wireless interface.

http://standards.ieee.org/regauth/oui/index.shtml

Depending what device is serving DHCP I would assign it a reserved IP then when it registers on your network it should get a hostname like Bob iPHONE or Jim's Blackberry or even Blackberry 9700 and you can narrow it down to what type of device it is.

I'm assuming this is a wifi connection so it will be harder to track down exactly where the device is. If it was cat5 you could narrow it down to the port on the switch.

If you are concerned about this device getting out to the internet while performing these tests, you can create a LAN to WAN rule on your firewall (SonicWall) preventing the reserved IP from getting to any WAN subnets.

-e
0
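The OUI and DHCP hostname checks suggested in the answer above, as an added example that is not part of the original thread. It assumes the DHCP server is a Windows DHCP Server writing its comma-separated audit log; the log lines and MAC addresses are constructed, and the function names are hypothetical. It also reports the locally-administered bit, since an address with that bit set is not drawn from a vendor's IEEE block and an OUI lookup will find nothing for it.

```python
import csv

# Constructed sample in the Windows DHCP Server audit log layout
# (ID,Date,Time,Description,IP Address,Host Name,MAC Address); all values are made up.
SAMPLE_LOG = """\
10,03/14/11,08:02:11,Assign,192.168.1.57,android_3f9c,02A1B2C3D4E5
11,03/14/11,08:40:03,Renew,192.168.1.23,FRONTDESK-PC,001122334455
12,03/14/11,09:15:40,Release,192.168.1.57,android_3f9c,02A1B2C3D4E5
10,03/14/11,12:31:05,Assign,192.168.1.61,android_3f9c,02A1B2C3D4E5
11,03/14/11,13:01:05,Renew,192.168.1.61,android_3f9c,02A1B2C3D4E5
"""

# Audit log event IDs for lease activity.
LEASE_EVENTS = {"10": "assign", "11": "renew", "12": "release"}

def normalize_mac(mac):
    """Strip separators and upper-case, so 00-11-22... and 00:11:22... compare equal."""
    digits = "".join(c for c in mac if c.isalnum()).upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError("not a 48-bit MAC: %r" % mac)
    return digits

def describe_mac(mac):
    """Return the OUI prefix and the two flag bits of the first octet."""
    digits = normalize_mac(mac)
    first = int(digits[:2], 16)
    return {"oui": "-".join((digits[0:2], digits[2:4], digits[4:6])),
            "locally_administered": bool(first & 0x02),  # not vendor-assigned
            "multicast": bool(first & 0x01)}

def lease_history(log_text, target_mac):
    """Collect lease events, hostnames and IPs the log shows for one MAC."""
    target = normalize_mac(target_mac)
    history = {"events": [], "hostnames": set(), "ips": set()}
    for row in csv.reader(log_text.splitlines()):
        if len(row) < 7 or row[0] not in LEASE_EVENTS:
            continue  # header text, service start/stop records, etc.
        try:
            if normalize_mac(row[6]) != target:
                continue
        except ValueError:
            continue  # malformed MAC field
        history["events"].append((row[1], row[2], LEASE_EVENTS[row[0]], row[4]))
        history["ips"].add(row[4])
        if row[5]:
            history["hostnames"].add(row[5])
    return history
```
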
 
Brian B (Independent Technology Professional) Commented:
You could set up an IP reservation for that MAC address. Make it outside your useable range if possible, otherwise then you have a known IP you can block at the firewall.
0
 
LTWadmin (Author) Commented:
godd31: sorry I should have mentioned that we don't own/have access to our ISP provided router...
0
 
LTWadmin (Author) Commented:
fluk3d - thanks.  I'm actually just concerned with flushing out the device once it stops functioning...
0
 
LTWadmin (Author) Commented:
Also should mention the IP is DHCP provided (i.e. not in my reserved/static IP list)...
0
 
fluk3d Commented:
So have you looked up the MAC on the IEEE website so we can get a better idea what the device actually is?

When you say "just concerned with flushing out the device once it stops functioning...", what exactly does that mean?
0
 
LTWadmin (Author) Commented:
fluk3d: I was hopeful about the OUI lookup but it came up unrecognized.  If I posted the address here could I expose the device to exploit?
0
 
LTWadmin (Author) Commented:
fluk3d: my thinking was that if I can deny the device an IP, someone would walk in with a complaint sooner or later...  
0
 
fluk3d Commented:
No need to post the address of the device; I wouldn't recommend it. You are really limited in your options. Depending on what type of SonicWall you have, either an NSA or TZ series, the only other thing I could think of is to allow it on the network, set up a syslog server, and track what sites it goes to, to see if you can get a better idea.

Are you using a commercial AP? Is this even a wireless connection that the rogue device is connecting to?
0
 
LTWadmin (Author) Commented:
TBone2K: I know the IP also but wouldn't the device just pull another address from the DHCP server?
0
 
Brian B (Independent Technology Professional) Commented:
As I said, if you have the MAC you should be able to set up a reservation and block it at the firewall. At least that way it can't get outside access. No access to the router required.
0
 
fluk3d Commented:
Set up a DHCP reservation, but for the gateway put 127.0.0.1 or some bogus IP for the DHCP options. The device will not be able to get online, and eventually someone will complain. As for denying the device an IP, I have yet to see a SonicWALL device do that, and if your DHCP server is running Windows I'm sure there might be a way.
0
 
LTWadmin (Author) Commented:
fluk3d: makes sense but I'm surprised I'd be limited in my options other than to send an email to suspect device owners asking them to check their MAC addresses... Having a technique for doing this will allow me to watch for rogue devices as I have our SpiceWorks system set up to alert me anytime an unidentified device connects to the network here...

Not a networking expert so my apologies to all for any apparent stupidity... :)
0
 
LTWadmin (Author) Commented:
fluk3d: Again to all more info sorry.  The DHCP server is a Windows 2003 based server...
0
 
LTWadmin (Author) Commented:
TBone2K: Okay - I'll have a look.  Stand by...
0
 
fluk3d Commented:
If you wanted to harden your system you could look into 802.1x for your network devices which will use a RADIUS/NAP server to authenticate credentials (domain/user) and then allow access to the network.

At least this way you can have a log of which user logged in and what time and the credentials they used will be key to finding out who provided access to that device.
0
 
fluk3d Commented:
If you need help setting up a DHCP reservation in Windows let us know.

-e
0
 
LTWadmin (Author) Commented:
fluk3d: always looking to harden - great suggestion thanks.
0
 
Todd Gerbert (IT Consultant) Commented:
Most wireless routers and access points I've ever seen (if not all) have a MAC address filter, which will allow you to prevent a given MAC address from connecting to the wireless network.  Assuming you only have one or two wireless access points or routers, that'd probably be the easiest (assuming, of course, it's actually a wireless device and not cabled to the network).
0
 
LTWadmin (Author) Commented:
Points awarded for convenience to me at this point.  Haven't had a chance to look into your suggestions yet but thanks.
0
