Solved

PacketFence - Blocking OS

Posted on 2014-03-05
Last Modified: 2014-03-06
Hello all

We are trying to implement PacketFence on our network with the sole purpose of blocking Windows XP (a full implementation needs to wait).

- Set up a Linux server with all the necessary services running.
- Created the VLANs as requested.
- Set up a Cisco 3560 switch on PF for production.
- Have a station connected to that switch, and PF does put it in the ISOLATION VLAN.

When I tried to add a violation to include Windows XP (OS Class 100), the option was not available in the dropdown menu options. How do you add it in order to create the violation?

Thanks in advance
Question by:CocoCounty
Accepted Solution

by: btan
I was trying to see whether the support archive has anything close to what you encountered, and there is one close case. It is trying to detect an AP, but it used a "trigger" such as "trigger=OS::4" and customised a violation id via violations.conf. Maybe you can find this file and see if any violation id there is for Windows XP.

e.g. http://sourceforge.net/p/packetfence/mailman/message/27993414/

PacketFence policy violations are controlled using the /usr/local/pf/conf/violations.conf configuration file. There is a "trigger" field, formatted as type::ID. The type can be Detect (Snort), Nessus, OpenVAS, OS (DHCP Fingerprint Detection), UserAgent (Browser signature), VendorMAC (MAC address class), SoH (Statement of Health filter), Accounting, etc.

I did a search in the archive on DHCP OS fingerprint but did not manage to sieve through it all, so maybe you can catch it too.

http://sourceforge.net/p/packetfence/mailman/search/?q=DHCP+OS+fingerprint

Others...

Here is an old article using the command /usr/local/pf/bin/pfcmd report os, and the system will return the OS in the network monitor. If Windows XP is identified then the box should be functioning as it is.

http://www.techrepublic.com/article/solutionbase-use-packetfence-to-stop-unwanted-network-traffic/

The /usr/local/pf/bin/pfcmd config help is supposed to let you see a list of all the types of help you can get. Help topics include: control, service, version, person, history, node, violation, report, fingerprint, lookup, graph, config, ui, class, trigger, update, and reload.

Admin guide has info on the violation.id and more as well on the various fields - http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Administration_Guide-4.1.0.pdf
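One way to do the check suggested in the answer above (find which violation ids in violations.conf carry a given trigger), as an added example that is not part of the original thread or of PacketFence. It assumes INI-style `[violation id]` sections, a comma-separated `trigger=` list, and that the question's OS Class 100 is written as `OS::100`; the sample file content is constructed.

```python
import re
import sys

SECTION = re.compile(r"^\[([^\]]+)\]\s*$")
TRIGGER = re.compile(r"^trigger\s*=\s*(.*)$", re.IGNORECASE)

def parse_triggers(text):
    """Map each section (violation id) to its list of (type, id) triggers."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # blank line or comment
        m = SECTION.match(line)
        if m:
            current = m.group(1).strip()
            result.setdefault(current, [])
            continue
        m = TRIGGER.match(line)
        if m and current is not None:
            # Assumption: several triggers may be listed, separated by commas.
            for item in m.group(1).split(","):
                if "::" in item:
                    ttype, tid = item.strip().split("::", 1)
                    result[current].append((ttype.strip(), tid.strip()))
    return result

def violations_for(text, ttype, tid):
    """Violation ids whose trigger list contains ttype::tid."""
    return [vid for vid, trigs in parse_triggers(text).items()
            if any(t.lower() == ttype.lower() and i == str(tid) for t, i in trigs)]

# Constructed sample, not a real PacketFence file; ids and descriptions are made up.
SAMPLE = """\
[1100010]
desc=Rogue access point
trigger=OS::4

[1100020]
desc=Unsupported operating system
trigger=Detect::2000001, OS::100

[1100030]
desc=No trigger yet
trigger=
"""

if __name__ == "__main__":
    # Pass the path to violations.conf as the first argument, else use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("violations triggered by OS::100:", violations_for(text, "OS", 100) or "none")
```

An empty result for `OS::100` means no violation references that trigger yet, so one has to be defined in the file before it can be enforced.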
Author Comment

by: CocoCounty
Thanks Breadtan, we have now made advancements on the deployment.
Expert Comment

by: btan
Glad to have helped.