Solved

How to block a device on the network

Posted on 2010-09-08
Last Modified: 2012-05-10
I have an unidentified device pulling an IP address off and on - throughout the day (likely a smart-phone) and want to temporarily prevent it from pulling an address so I can determine whose it is.  All I have is the MAC address.  Could I do this via my firewall (SonicWall) or via my DHCP server settings?  Thanks.
Question by:LTWadmin
21 Comments
 
LVL 5

Expert Comment

by:godd31
ID: 33630358
You may want to look at your router, log in to the router's configuration page and see if you can block that MAC address from obtaining a valid IP. Assuming this is a home computer and you have full access to that equipment...
0
 
LVL 6

Accepted Solution

by:
fluk3d earned 1000 total points
ID: 33630368
If you have the MAC address you can do an OUI lookup and it should tell you the manf. of the wireless interface.

http://standards.ieee.org/regauth/oui/index.shtml

Depending what device is serving DHCP I would assign it a reserved IP then when it registers on your network it should get a hostname like Bob iPHONE or Jim's Blackberry or even Blackberry 9700 and you can narrow it down to what type of device it is.

I'm assuming this is a wifi connection so it will be harder to track down exactly where the device is. If it was cat5 you could narrow it down to the port on the switch.

If you are concerned about this device getting out to the internet while performing these tests you can create a LAN to WAN rule on your firewall (SonicWall) preventing the reserved IP from getting to any WAN subnets.

-e
0
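An added example, not part of the original thread: the OUI lookup suggested above, done against a local table. It also checks the two flag bits in the first octet, since a locally administered address (assigned in software rather than by the manufacturer) has no entry in the IEEE registry, which is one reason a lookup can come back unrecognized. The registry entries and MAC addresses are constructed, and the function names are this example's own.

```python
import re

# Constructed stand-in for a locally saved copy of the IEEE OUI registry.
SAMPLE_REGISTRY = {
    "001122": "Example Handset Co. (constructed entry)",
    "A4B1C2": "Example Laptop Inc. (constructed entry)",
}

def normalize_mac(mac):
    """Accept 00-11-22-aa-bb-cc, 00:11:22:AA:BB:CC, 0011.22aa.bbcc or bare hex."""
    digits = re.sub(r"[-:.\s]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return digits

def describe_mac(mac, registry=SAMPLE_REGISTRY):
    """Split a MAC into OUI and flag bits, then look the OUI up."""
    digits = normalize_mac(mac)
    first_octet = int(digits[:2], 16)
    info = {
        "mac": ":".join(digits[i:i + 2] for i in range(0, 12, 2)),
        "oui": digits[:6],                                  # first three octets
        "multicast": bool(first_octet & 0x01),              # I/G bit
        "locally_administered": bool(first_octet & 0x02),   # U/L bit
    }
    if info["locally_administered"]:
        # Software-assigned address: the vendor prefix is meaningless.
        info["vendor"] = None
        info["note"] = "U/L bit set, no registry entry can exist"
    else:
        info["vendor"] = registry.get(info["oui"])
        info["note"] = ("registered vendor" if info["vendor"]
                        else "OUI not in this registry copy")
    return info

if __name__ == "__main__":
    for sample in ("00-11-22-aa-bb-cc", "02:11:22:aa:bb:cc", "0011.22aa.bbcc"):
        print(describe_mac(sample))
```
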
 
LVL 25

Assisted Solution

by:Brian B
Brian B earned 1000 total points
ID: 33630369
You could set up an IP reservation for that MAC address. Make it outside your useable range if possible, otherwise then you have a known IP you can block at the firewall.
0
 

Author Comment

by:LTWadmin
ID: 33630375
godd31: sorry I should have mentioned that we don't own/have access to our ISP provided router...
0
 

Author Comment

by:LTWadmin
ID: 33630395
fluk3d - thanks.  I'm actually just concerned with flushing out the device once it stops functioning...
0
 

Author Comment

by:LTWadmin
ID: 33630408
Also should mention the IP is DHCP provided (i.e. not in my reserved/static IP list)...
0
 
LVL 6

Expert Comment

by:fluk3d
ID: 33630413
So have you looked up the MAC on the IEEE website so we can get a better idea what the device actually is?

When you say just concerned with flushing out the device once it stops functioning... what exactly does that mean?
0
 

Author Comment

by:LTWadmin
ID: 33630444
fluk3d: I was hopeful about the OUI lookup but it came up unrecognized.  If I posted the address here could I expose the device to exploit?
0
 

Author Comment

by:LTWadmin
ID: 33630462
fluk3d: my thinking was that if I can deny the device an IP, someone would walk in with a complaint sooner or later...  
0
 
LVL 6

Expert Comment

by:fluk3d
ID: 33630474
No need to post the address of the device, I wouldn't recommend it. You are really limited on your options. Depending on what type of SonicWall you have, either a NSA/TZ series, the only other thing I could think of is to allow it on the network, and set up a syslog server, and track what sites it goes to, to see if you can get a better idea.

Are you using a commercial AP? Is this even a wireless connection that the rogue device is connecting to?
0
 

Author Comment

by:LTWadmin
ID: 33630480
TBone2K: I know the IP also but wouldn't the device just pull another address from the DHCP server?
0
 
LVL 25

Expert Comment

by:Brian B
ID: 33630489
As I said, if you have the MAC you should be able to set up a reservation and block it at the firewall. At least that way it can't get outside access. No access to the router required.
0
 
LVL 6

Expert Comment

by:fluk3d
ID: 33630499
Set up a DHCP reservation, but for the gateway put 127.0.0.1 or some bogus IP for the DHCP options. The device will not be able to get online, and eventually someone will complain. As for denying the device an IP I have yet to see a SonicWALL device do that, and if your DHCP server is running Windows I'm sure there might be a way.
0
 

Author Comment

by:LTWadmin
ID: 33630522
fluk3d: makes sense but I'm surprised I'd be limited in my options other than to send an email address to suspect device owners asking them to check their MAC addresses...  Having a technique for doing this will allow me to watch for rogue devices as I have our SpiceWorks system set up to alert me anytime an unidentified device connects to the network here...

Not a networking expert so my apologies to all for any apparent stupidity... :)
0
 

Author Comment

by:LTWadmin
ID: 33630539
fluk3d: Again to all more info sorry.  The DHCP server is a Windows 2003 based server...
0
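An added example, not part of the original thread: on a Windows DHCP server the audit log (`DhcpSrvLog-*.log` under `%windir%\System32\dhcp`) already records the host name each client sent with its lease request, so the "what does the device call itself" step from the accepted solution can be answered by filtering that log for the MAC address. The sample log below is constructed in that file's column layout; hosts, IPs and MACs are made up and the function names are this example's own.

```python
import csv
import io
import re

# Event IDs in the Windows DHCP audit log that concern a client lease.
LEASE_EVENTS = {"10": "new lease", "11": "renewed", "12": "released", "15": "denied"}

# Constructed sample in the DhcpSrvLog-*.log layout (all values are made up).
SAMPLE_LOG = """\
\t\tMicrosoft DHCP Service Activity Log
Event ID  Meaning
10\tA new IP address was leased to a client.
ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,09/08/10,00:00:12,Started,,,
10,09/08/10,08:52:40,Assign,192.168.1.57,BLACKBERRY-9700,001122AABBCC
10,09/08/10,09:01:03,Assign,192.168.1.60,FRONTDESK-PC,A4B1C2000001
12,09/08/10,11:47:19,Release,192.168.1.57,BLACKBERRY-9700,001122AABBCC
10,09/08/10,13:05:55,Assign,192.168.1.57,BLACKBERRY-9700,001122AABBCC
11,09/08/10,17:05:58,Renew,192.168.1.57,BLACKBERRY-9700,001122AABBCC
"""

def sightings(log_text, mac):
    """Return the lease events logged for one MAC, in file order."""
    target = re.sub(r"[-:.\s]", "", mac).upper()
    seen_header = False
    events = []
    for row in csv.reader(io.StringIO(log_text)):
        if not seen_header:
            # Everything before the column header is the explanatory preamble.
            seen_header = row[:2] == ["ID", "Date"]
            continue
        if len(row) < 7 or row[0] not in LEASE_EVENTS or row[6].upper() != target:
            continue
        events.append({"when": row[1] + " " + row[2], "event": LEASE_EVENTS[row[0]],
                       "ip": row[4], "host": row[5]})
    return events

def summarize(events):
    """Condense the events into what identifies the device and when it shows up."""
    return {
        "hostnames": sorted({e["host"] for e in events if e["host"]}),
        "ips": sorted({e["ip"] for e in events}),
        "first_seen": events[0]["when"] if events else None,
        "last_seen": events[-1]["when"] if events else None,
        "new_leases": sum(e["event"] == "new lease" for e in events),
    }

if __name__ == "__main__":
    print(summarize(sightings(SAMPLE_LOG, "00-11-22-AA-BB-CC")))
```
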
 

Author Comment

by:LTWadmin
ID: 33630547
TBone2K: Okay - I'll have a look.  Stand by...
0
 
LVL 6

Expert Comment

by:fluk3d
ID: 33630550
If you wanted to harden your system you could look into 802.1x for your network devices which will use a RADIUS/NAP server to authenticate credentials (domain/user) and then allow access to the network.

At least this way you can have a log of which user logged in and what time and the credentials they used will be key to finding out who provided access to that device.
0
 
LVL 6

Expert Comment

by:fluk3d
ID: 33630559
If you need help setting up a DHCP reservation in Windows let us know.

-e
0
 

Author Comment

by:LTWadmin
ID: 33630567
fluk3d: always looking to harden - great suggestion thanks.
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 33630819
Most wireless routers and access points I've ever seen (if not all) have a MAC address filter, which will allow you to prevent a given MAC address from connecting to the wireless network.  Assuming you only have one or two wireless access points or routers, that'd probably be the easiest (assuming, of course, it's actually a wireless device and not cabled to the network).
0
 

Author Closing Comment

by:LTWadmin
ID: 33774029
Points awarded for convenience to me at this point.  Haven't had a chance to look into your suggestions yet but thanks.
0
