Solved

PacketFence - Blocking OS

Posted on 2014-03-05
Last Modified: 2014-03-06
Hello all

We are trying to implement PacketFence on our network with the sole purpose of blocking Windows XP (a full implementation needs to wait).

Set up a Linux server with all the necessary services running.
Created the VLANs as requested.
Set up a Cisco 3560 switch on PF for production.
Have a station connected to that switch, and PF does put it in the ISOLATION VLAN.

When I tried to add a violation to include Windows XP (OS Class 100), the option was not available in the dropdown menu. How do you add it in order to create the violation?

Thanks in advance
0
Question by:CocoCounty
3 Comments
 

Accepted Solution

by:
btan earned 500 total points
ID: 39909070
I was trying to see whether the support archive has anything close to what you encountered, and there is one close case. It is trying to detect an AP, but it used the "trigger" field, such as "trigger=OS::4", and customised a violation ID via violations.conf. Maybe you can find this file and see if any violation ID covers Windows XP....

e.g. http://sourceforge.net/p/packetfence/mailman/message/27993414/

PacketFence policy violations are controlled using the /usr/local/pf/conf/violations.conf configuration file. There is a "trigger" field, formatted as type::ID. The type can be Detect (Snort), Nessus, OpenVAS, OS (DHCP Fingerprint Detection), UserAgent (Browser signature), VendorMAC (MAC address class), SoH (Statement of Health filter), Accounting, etc.

I did a search in the archive on DHCP OS fingerprint but did not manage to sift through it all, so maybe you can catch it too.

http://sourceforge.net/p/packetfence/mailman/search/?q=DHCP+OS+fingerprint

Others...

Here is an old article using the command /usr/local/pf/bin/pfcmd report os, and the system will return the OS in the network monitor. If Windows XP is identified, then the box should be functioning as it is.

http://www.techrepublic.com/article/solutionbase-use-packetfence-to-stop-unwanted-network-traffic/

The /usr/local/pf/bin/pfcmd config help is supposed to let you see a list of all the types of help you can get. Help topics include: control, service, version, person, history, node, violation, report, fingerprint, lookup, graph, config, ui, class, trigger, update, and reload.

Admin guide has info on the violation.id and more as well on the various fields - http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Administration_Guide-4.1.0.pdf
0
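
One way to check an existing violations.conf for a trigger such as OS::100, added here as an example; it is not part of the answer above and is not PacketFence code. The config text is a constructed sample: only the "trigger" field and its type::ID format come from the thread, while the section IDs, the "enabled" key and inheritance from a [defaults] section are assumptions.

```python
import configparser
import re

# Constructed sample in the INI layout of violations.conf. Only the "trigger"
# field and its type::ID format come from the page; the section IDs, the
# "enabled" key and the [defaults] inheritance are assumptions.
SAMPLE_CONF = """
[defaults]
enabled=N

[1100001]
trigger=OS::4
enabled=Y

[1100002]
trigger=OS::100,UserAgent::21

[1100003]
trigger=OS:100
enabled=Y
"""

# A well-formed trigger is <type>::<id>, e.g. OS::100
TRIGGER_RE = re.compile(r"^([A-Za-z]+)::(\S+)$")

def parse_triggers(raw):
    """Split a comma-separated trigger value into (type, id) pairs and rejects."""
    good, bad = [], []
    for item in filter(None, (t.strip() for t in raw.split(","))):
        m = TRIGGER_RE.match(item)
        (good if m else bad).append(m.groups() if m else item)
    return good, bad

def audit(conf_text, want_type, want_id):
    """Return (enabled_ids, disabled_ids, malformed) for one wanted trigger."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    defaults = dict(cp["defaults"]) if cp.has_section("defaults") else {}
    enabled, disabled, malformed = [], [], {}
    for vid in (s for s in cp.sections() if s != "defaults"):
        sec = {**defaults, **dict(cp[vid])}  # per-violation keys override defaults
        good, bad = parse_triggers(sec.get("trigger", ""))
        if bad:
            malformed[vid] = bad  # e.g. a single colon: never matches anything
        if (want_type.lower(), want_id) in [(t.lower(), i) for t, i in good]:
            is_on = sec.get("enabled", "N").upper() == "Y"
            (enabled if is_on else disabled).append(vid)
    return enabled, disabled, malformed

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, "OS", "100"))
```

On the sample, the only violation carrying OS::100 is present but disabled, and the mistyped OS:100 entry is reported as malformed instead of being silently ignored.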
 

Author Comment

by:CocoCounty
ID: 39909320
Thanks Breadtan, we have now made advancements on the deployment.
0
 

Expert Comment

by:btan
ID: 39909508
Glad to have help
0

Question has a verified solution.
