[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

PacketFence - Blocking OS

Posted on 2014-03-05
3
Medium Priority
?
1,328 Views
Last Modified: 2014-03-06
Hello all

We are trying to implement PacketFence on our network with the sole purpose of blocking Windows XP (a full implementation needs to wait).

set up a Linux Server with all the necessary services running.
created the VLANS as requested
set up a Cisco 3560 switch on PF for production
have a station connected to that switch and PF does put in the ISOLATION vlan.

When I tried to add a violation to include Windows XP (OS Class 100) the option was not available on the dropdown menu options, how do you add it in order to create the violation?

Thanks in advance
0
Comment
Question by:CocoCounty
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 39909070
trying to see the support archive can sieve any thing close to your encounter and there is one close though it is trying to detect AP but it used the "trigger" such as "trigger=OS::4" and customised a violation id via the violations.conf. maybe can find this file and see if the violation id has any on Windows XP....

e.g. http://sourceforge.net/p/packetfence/mailman/message/27993414/

PacketFence policy violations are controlled using the /usr/local/pf/conf/violations.conf
configuration file. There is a "trigger" field, formatted as type::ID. The type can be Detect (Snort), Nessus, OpenVAS, OS (DHCP Fingerprint Detection), UserAgent (Browser signature), VendorMAC (MAC address class), SoH (Statement of Health filter), Accounting, etc.

I did a search in the archive on DHCP OS fingerprint but did not managed to sieve through all though so maybe you can catch it too

http://sourceforge.net/p/packetfence/mailman/search/?q=DHCP+OS+fingerprint

Others...

Here is an old article using command  /usr/local/pf/bin/pfcmd report os and the system will return the os in the network monitor. If window xp is identified then the box should be functioning as it is.

http://www.techrepublic.com/article/solutionbase-use-packetfence-to-stop-unwanted-network-traffic/

The /usr/local/pf/bin/pfcmd config help is suppose to let you see a list of all the types of help you can get. Help topics include: control, service, version, person, history, node, violation, report, fingerprint, lookup, graph, config, ui, class, trigger, update, and reload.

Admin guide has info on the violation.id and more as well on the various fields - http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Administration_Guide-4.1.0.pdf
0
 

Author Comment

by:CocoCounty
ID: 39909320
Thanks Breadtan, we have now made advancements on the deployment.
0
 
LVL 65

Expert Comment

by:btan
ID: 39909508
Glad to have help
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question