Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Detecting/Preventing Rouge Clients

Status
Not open for further replies.
PU36

PU36

MIS
Mar 16, 2005
202
US
I'm running Windows 2003 utilizing DHCP for all clients. Every day I see that a non domain computer connects to our VPN (Sonicwall) and obtains an IP address fromour DHCP Server.

How can I prevent this user from getting an IP address OR how can I give this computer an IP address on a different netework and scope that they will be forced to contact up to setermine the issue?

I have tried to create a new scope with a Class C network (We are on an A) and had their mac to the reservation. However the VPN always gives the computer the current network.

Any thoughts would be great.

Thanks
 
Sort by date Sort by votes
I dont understand your issue. Is this an unauthorized connection to your vpn? If that is the case i would be more concerned about the breach of security at your router. Vpns should require some sort of authentication to complete the vpn connection. You should change the passwords.

RoadKi11
 
Upvote 0 Downvote
It does require authentication and a certificate, however the machine that connects is not part of our domain, which leads me to think that a remote user have moved the client/cert/password to their home machine and is accessing or netowkr from there. I want to find out who this user is but forcing them to contact us with network issues.

Judging by the logs they are connecting to the VPN and accessing only 1 machine on our network. It is machine desinged for specific tasks and only partiular people would ever access it, so before I just go ask the people I want information about why is a "Non-Domain" computer accessing our network?
 
Upvote 0 Downvote
I am not familure with Sonicwall or how robust they are. have you looked through the sonicwall interface for a method to block/deny traffic from a MAC or IP?

RoadKi11
 
Upvote 0 Downvote
I have looked and I couldn't find anything regarding that. That is the first place that I looked.

It might be bury in one of the features sets but for the life of me can't find it.
 
Upvote 0 Downvote
Change the VPN passwords.




Steve.

"They have the internet on computers now!" - Homer Simpson
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

fillthy
  • Locked
  • Question
ASA 5510 Split Tunnel Nat issue Any Connect VPN Clients
Replies
2
Views
55
fillthy
fillthy
crazypbx
  • Locked
  • Question
ASA version 8.3 and Older Clients
Replies
0
Views
42
crazypbx
crazypbx
wellerw
  • Locked
  • Question
ASA 804-k8 - VPN clients
Replies
0
Views
31
wellerw
wellerw
SimonMag
  • Locked
  • Question
Rouge System Sensor 2.0
Replies
0
Views
27
SimonMag
SimonMag
melbert09
  • Locked
  • Question
remote VPN clients dropping connection after 5 min
Replies
4
Views
63
burtsbees
burtsbees

Part and Inventory Search

Sponsor

Back
Top