Solved

PacketFence - Blocking OS

Posted on 2014-03-05
3
1,263 Views
Last Modified: 2014-03-06
Hello all

We are trying to implement PacketFence on our network with the sole purpose of blocking Windows XP (a full implementation needs to wait).

set up a Linux Server with all the necessary services running.
created the VLANS as requested
set up a Cisco 3560 switch on PF for production
have a station connected to that switch and PF does put in the ISOLATION vlan.

When I tried to add a violation to include Windows XP (OS Class 100) the option was not available on the dropdown menu options, how do you add it in order to create the violation?

Thanks in advance
0
Comment
Question by:CocoCounty
  • 2
3 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 39909070
trying to see the support archive can sieve any thing close to your encounter and there is one close though it is trying to detect AP but it used the "trigger" such as "trigger=OS::4" and customised a violation id via the violations.conf. maybe can find this file and see if the violation id has any on Windows XP....

e.g. http://sourceforge.net/p/packetfence/mailman/message/27993414/

PacketFence policy violations are controlled using the /usr/local/pf/conf/violations.conf
configuration file. There is a "trigger" field, formatted as type::ID. The type can be Detect (Snort), Nessus, OpenVAS, OS (DHCP Fingerprint Detection), UserAgent (Browser signature), VendorMAC (MAC address class), SoH (Statement of Health filter), Accounting, etc.

I did a search in the archive on DHCP OS fingerprint but did not managed to sieve through all though so maybe you can catch it too

http://sourceforge.net/p/packetfence/mailman/search/?q=DHCP+OS+fingerprint

Others...

Here is an old article using command  /usr/local/pf/bin/pfcmd report os and the system will return the os in the network monitor. If window xp is identified then the box should be functioning as it is.

http://www.techrepublic.com/article/solutionbase-use-packetfence-to-stop-unwanted-network-traffic/

The /usr/local/pf/bin/pfcmd config help is suppose to let you see a list of all the types of help you can get. Help topics include: control, service, version, person, history, node, violation, report, fingerprint, lookup, graph, config, ui, class, trigger, update, and reload.

Admin guide has info on the violation.id and more as well on the various fields - http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Administration_Guide-4.1.0.pdf
0
 

Author Comment

by:CocoCounty
ID: 39909320
Thanks Breadtan, we have now made advancements on the deployment.
0
 
LVL 63

Expert Comment

by:btan
ID: 39909508
Glad to have help
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read about achieving the basic levels of HRIS security in the workplace.
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question