Solved

PacketFence - Blocking OS

Posted on 2014-03-05
Last Modified: 2014-03-06
Hello all

We are trying to implement PacketFence on our network with the sole purpose of blocking Windows XP (a full implementation needs to wait).

Set up a Linux server with all the necessary services running.
Created the VLANs as requested.
Set up a Cisco 3560 switch on PF for production.
Have a station connected to that switch, and PF does put it in the ISOLATION VLAN.

When I tried to add a violation to include Windows XP (OS Class 100), the option was not available in the dropdown menu options. How do you add it in order to create the violation?

Thanks in advance
Question by:CocoCounty
Accepted Solution

by:
btan earned 500 total points
ID: 39909070
I was trying to see whether the support archive has anything close to what you encountered, and there is one close case. It is trying to detect an AP, but it used the "trigger", such as "trigger=OS::4", and customised a violation ID via violations.conf. Maybe you can find this file and see if any violation ID covers Windows XP.

e.g. http://sourceforge.net/p/packetfence/mailman/message/27993414/

PacketFence policy violations are controlled using the /usr/local/pf/conf/violations.conf configuration file. There is a "trigger" field, formatted as type::ID. The type can be Detect (Snort), Nessus, OpenVAS, OS (DHCP Fingerprint Detection), UserAgent (Browser signature), VendorMAC (MAC address class), SoH (Statement of Health filter), Accounting, etc.

I did a search in the archive on DHCP OS fingerprint but did not manage to go through all of it, so maybe you can catch it too.

http://sourceforge.net/p/packetfence/mailman/search/?q=DHCP+OS+fingerprint

Others...

Here is an old article using the command /usr/local/pf/bin/pfcmd report os, and the system will return the OS in the network monitor. If Windows XP is identified then the box should be functioning as it is.

http://www.techrepublic.com/article/solutionbase-use-packetfence-to-stop-unwanted-network-traffic/

The /usr/local/pf/bin/pfcmd config help is supposed to let you see a list of all the types of help you can get. Help topics include: control, service, version, person, history, node, violation, report, fingerprint, lookup, graph, config, ui, class, trigger, update, and reload.

Admin guide has info on the violation.id and more as well on the various fields - http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Administration_Guide-4.1.0.pdf
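
The check suggested in the accepted answer (open violations.conf and see whether any violation already triggers on the OS in question), as an added example that is not part of the original answer or PacketFence's own code. The sample file is constructed; the `[defaults]` section, the `desc` and `enabled` keys, comma-separated triggers and all IDs other than `OS::4` and the asker's OS 100 are assumptions.

```python
import configparser
# Constructed sample in the violations.conf layout; section IDs and values are illustrative.
SAMPLE_CONF = """
[defaults]
enabled=N

[1100010]
desc=Rogue access point
trigger=OS::4
enabled=Y

[1100020]
desc=Unsupported Windows
trigger=OS::100,UserAgent::102
enabled=Y

[1100030]
desc=Scanner finding
trigger=Nessus::10861
"""

def load_violations(text):
    """Parse violations.conf text; [defaults] fills in keys a section omits."""
    parser = configparser.ConfigParser(default_section="defaults", interpolation=None)
    parser.read_string(text)
    return parser

def parse_triggers(value):
    """Split a trigger field into (type, id) pairs; malformed entries are skipped."""
    pairs = []
    for item in value.split(","):
        ttype, sep, tid = item.strip().partition("::")
        if sep and ttype and tid:
            pairs.append((ttype, tid))
    return pairs

def violations_for(parser, ttype, tid):
    """Return [(violation_id, desc, enabled)] for sections triggering on type::ID."""
    hits = []
    for vid in parser.sections():  # the defaults section is not listed here
        section = parser[vid]
        if (ttype, tid) in parse_triggers(section.get("trigger", "")):
            enabled = section.get("enabled", "N").strip().upper() == "Y"
            hits.append((vid, section.get("desc", ""), enabled))
    return hits

if __name__ == "__main__":
    for vid, desc, on in violations_for(load_violations(SAMPLE_CONF), "OS", "100"):
        print(f"{vid}: {desc} (enabled={on})")
```

To audit a real deployment, pass the contents of /usr/local/pf/conf/violations.conf to `load_violations` instead of the sample string.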

Author Comment

by:CocoCounty
ID: 39909320
Thanks Breadtan, we have now made advancements on the deployment.
Expert Comment

by:btan
ID: 39909508
Glad to have helped.