Solved

How to block a device on the network

Posted on 2010-09-08
21
434 Views
Last Modified: 2012-05-10
I have an unidentified device pulling an IP address off and on - throughout the day (likely a smart-phone) and want to temporarily prevent it from pulling an address so I can determine whose it is.  All I have is the MAC address.  Could I do this via my firewall (SonicWall) or via my DHCP server settings?  Thanks.
Question by:LTWadmin
21 Comments
 
LVL 5

Expert Comment

by:godd31
ID: 33630358
You may want to look at your router, log in to the router's configuration page and see if you can block that MAC address from obtaining a valid IP. Assuming this is a home computer and you have full access to that equipment...
0
 
LVL 6

Accepted Solution

by:
fluk3d earned 250 total points
ID: 33630368
If you have the MAC address you can do an OUI lookup and it should tell you the manufacturer of the wireless interface.

http://standards.ieee.org/regauth/oui/index.shtml

Depending what device is serving DHCP I would assign it a reserved IP then when it registers on your network it should get a hostname like Bob iPHONE or Jim's Blackberry or even Blackberry 9700 and you can narrow it down to what type of device it is.

I'm assuming this is a wifi connection so it will be harder to track down exactly where the device is. If it was cat5 you could narrow it down to the port on the switch.

If you are concerned about this device getting out to the internet while performing these tests you can create a LAN to WAN rule on your firewall (SonicWall) preventing the reserved IP from getting to any WAN subnets.

-e
0
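An added example, not part of the original thread: a Python sketch that pulls one MAC's lease history (hostnames, IPs, times) out of a Windows DHCP audit log and checks the MAC's flag bits, since a locally administered address has no IEEE registration, which is one reason an OUI lookup can come back unrecognized. The log lines are constructed, the seven-column layout is assumed to match the server's audit log, and the function names are hypothetical.

```python
import csv
from datetime import datetime

# Constructed sample, assumed Windows Server 2003 DHCP audit log layout:
# ID,Date,Time,Description,IP Address,Host Name,MAC Address
SAMPLE_LOG = """\
10,09/08/10,09:14:02,Assign,192.168.1.57,Bobs-iPhone,0A1B2C3D4E5F
11,09/08/10,11:02:40,Renew,192.168.1.23,FRONTDESK-PC,001122334455
11,09/08/10,13:14:05,Renew,192.168.1.57,Bobs-iPhone,0A1B2C3D4E5F
12,09/08/10,17:31:44,Release,192.168.1.57,Bobs-iPhone,0A1B2C3D4E5F
10,09/09/10,08:58:19,Assign,192.168.1.61,,0A1B2C3D4E5F
"""
LEASE_EVENTS = {"10": "assign", "11": "renew", "12": "release"}

def normalize_mac(mac):
    """Return 12 uppercase hex digits, accepting ':', '-' or '.' separators."""
    digits = "".join(c for c in mac if c not in ":-. ").upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError("not a MAC address: %r" % mac)
    return digits

def mac_flags(mac):
    """OUI plus the two flag bits carried in the first octet."""
    digits = normalize_mac(mac)
    first = int(digits[:2], 16)
    return {"oui": digits[:6],
            "locally_administered": bool(first & 0x02),  # not IEEE-assigned
            "multicast": bool(first & 0x01)}

def lease_history(log_text, mac):
    """Collect lease events, IPs and hostnames logged for one MAC."""
    target = normalize_mac(mac)
    hist = {"hostnames": set(), "ips": set(), "events": []}
    for row in csv.reader(log_text.splitlines()):
        if len(row) < 7 or row[0].strip() not in LEASE_EVENTS:
            continue  # log header text or non-lease events
        try:
            if normalize_mac(row[6]) != target:
                continue
        except ValueError:
            continue  # malformed MAC column
        when = datetime.strptime(row[1] + " " + row[2], "%m/%d/%y %H:%M:%S")
        hist["events"].append((when, LEASE_EVENTS[row[0].strip()], row[4]))
        hist["ips"].add(row[4])
        if row[5].strip():
            hist["hostnames"].add(row[5].strip())
    hist["events"].sort()
    return hist
```

The first and last entries in `events` give the window in which the device is on site, which can be matched against who is in the building at those times.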
 
LVL 23

Assisted Solution

by:Brian B
Brian B earned 250 total points
ID: 33630369
You could set up an IP reservation for that MAC address. Make it outside your useable range if possible, otherwise then you have a known IP you can block at the firewall.
0
 

Author Comment

by:LTWadmin
ID: 33630375
godd31: sorry I should have mentioned that we don't own/have access to our ISP provided router...
0
 

Author Comment

by:LTWadmin
ID: 33630395
fluk3d - thanks.  I'm actually just concerned with flushing out the device once it stops functioning...
0
 

Author Comment

by:LTWadmin
ID: 33630408
Also should mention the IP is DHCP provided (i.e. not in my reserved/static IP list)...
0
 
LVL 6

Expert Comment

by:fluk3d
ID: 33630413
So have you looked up the MAC on the IEEE website so we can get a better idea what the device actually is?

When you say just concerned with flushing out the device once it stops functioning... what exactly does that mean?
0
 

Author Comment

by:LTWadmin
ID: 33630444
fluk3d: I was hopeful about the OUI lookup but it came up unrecognized.  If I posted the address here could I expose the device to exploit?
0
 

Author Comment

by:LTWadmin
ID: 33630462
fluk3d: my thinking was that if I can deny the device an IP, someone would walk in with a complaint sooner or later...  
0
 
LVL 6

Expert Comment

by:fluk3d
ID: 33630474
No need to post the address of the device; I wouldn't recommend it. You are really limited on your options. Depending on what type of SonicWall you have, either an NSA/TZ series, the only other thing I could think of is to allow it on the network, set up a syslog server, and track what sites it goes to, to see if you can get a better idea.

Are you using a commercial AP? Is this even a wireless connection that the rogue device is connecting to?
0
 

Author Comment

by:LTWadmin
ID: 33630480
TBone2K: I know the IP also but wouldn't the device just pull another address from the DHCP server?
0
 
LVL 23

Expert Comment

by:Brian B
ID: 33630489
As I said, if you have the MAC you should be able to set up a reservation and block it at the firewall. At least that way it can't get outside access. No access to the router required.
0
 
LVL 6

Expert Comment

by:fluk3d
ID: 33630499
Set up a DHCP reservation, but for the gateway put 127.0.0.1 or some bogus IP for the DHCP options. The device will not be able to get online, and eventually someone will complain. As for denying the device an IP, I have yet to see a SonicWALL device do that, and if your DHCP server is running Windows I'm sure there might be a way.
0
 

Author Comment

by:LTWadmin
ID: 33630522
fluk3d: makes sense but I'm surprised I'd be limited in my options other than to send an email address to suspect device owners asking them to check their MAC addresses...  Having a technique for doing this will allow me to watch for rogue devices as I have our SpiceWorks system set up to alert me anytime an unidentified device connects to the network here...

Not a networking expert so my apologies to all for any apparent stupidity... :)
0
 

Author Comment

by:LTWadmin
ID: 33630539
fluk3d: Again to all more info sorry.  The DHCP server is a Windows 2003 based server...
0
 

Author Comment

by:LTWadmin
ID: 33630547
TBone2K: Okay - I'll have a look.  Stand by...
0
 
LVL 6

Expert Comment

by:fluk3d
ID: 33630550
If you wanted to harden your system you could look into 802.1x for your network devices which will use a RADIUS/NAP server to authenticate credentials (domain/user) and then allow access to the network.

At least this way you can have a log of which user logged in and what time and the credentials they used will be key to finding out who provided access to that device.
0
 
LVL 6

Expert Comment

by:fluk3d
ID: 33630559
If you need help setting up a DHCP reservation in Windows let us know.

-e
0
 

Author Comment

by:LTWadmin
ID: 33630567
fluk3d: always looking to harden - great suggestion thanks.
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 33630819
Most wireless routers and access points I've ever seen (if not all) have a MAC address filter, which will allow you to prevent a given MAC address from connecting to the wireless network.  Assuming you only have one or two wireless access points or routers, that'd probably be the easiest (assuming, of course, it's actually a wireless device and not cabled to the network).
0
 

Author Closing Comment

by:LTWadmin
ID: 33774029
Points awarded for convenience to me at this point.  Haven't had a chance to look into your suggestions yet but thanks.
0
