DHCP Reservation

Status
Not open for further replies.

spaulding (Technical User, US), Jan 10, 2001
I've got someone plugging a device into our network. He doesn't appear to be able to access the network itself, but is able to access the internet. I've created a DHCP reservation for him, so I'm able to ping occasionally to find when he's on the network and am working my way through switches to try to figure out where he's located. But, I'm wondering what would happen if I changed the router setting for that reservation to some bogus address. Would that block his access to the internet, making connecting to our network worthless? Would I be changing the router for everybody else (my boss's concern)? Or is there a better way to handle this problem?
I appreciate the help.
 
You can set a rule in the router to block that single address without affecting the rest of your traffic. There are router forums on Tek-Tips with some experts who would have no problem helping you set that up.



"We must fall back upon the old axiom that when all other contingencies fail, whatever remains, however improbable, must be the truth." - Sherlock Holmes

 
An easier way than LawnBoy suggested would be to do a DHCP reserve then set the default gateway to something way off. That'll block the person from getting anywhere.

Under DHCP and Reservations click on the person's reservation, right click on Router and select Properties and change the IP address. I am generally not a fan of messing with my firewall if I don't have to.

Cheers
Rob

The answer is always "PEBKAC!"
 
And for that matter you can change DNS servers to a bogus address as well as the default gateway. That'll double fix 'em!

Cheers
Rob

The answer is always "PEBKAC!"
 
I actually thought of that but I wasn't sure if you'd need to create a new DHCP scope, and thought the router edit might be simpler.

But yeah, the point is: misconfigure the punk!


"We must fall back upon the old axiom that when all other contingencies fail, whatever remains, however improbable, must be the truth." - Sherlock Holmes

 
I'd go so far as to set the gateway and dns servers to the same address you are assigning for him.

Or for additional fun, redirect all of his traffic to a bogus webserver.

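The reservation-with-a-dead-end-gateway approach from Rob's two posts above, and the later suggestion to point the gateway and DNS at the client's own address, as one added example against a Windows DHCP server. This is not code from the thread; the server name, scope, MAC address and quarantine address are placeholders, and it assumes the DhcpServer PowerShell module (Windows Server 2012 or later), not the GUI the thread describes.

```powershell
# Added example (not from the thread): pin the unknown device to a reservation
# and give that one client a gateway and DNS server that answer nothing.
# All names and addresses below are assumed placeholders.
Import-Module DhcpServer

$Dhcp       = 'dhcp01.example.edu'   # DHCP server (assumed)
$Scope      = '10.20.0.0'            # scope the device lands in (assumed)
$Mac        = '00-11-22-33-44-55'    # MAC seen in the lease list (placeholder)
$Quarantine = '10.20.0.250'          # address pinned to that MAC (assumed free)

# 1. Reserve a fixed address for the MAC so the option overrides below only
#    reach this client. Every other client keeps the scope's normal options.
Add-DhcpServerv4Reservation -ComputerName $Dhcp -ScopeId $Scope `
    -IPAddress $Quarantine -ClientId $Mac -Name 'quarantine-unknown-device' `
    -Description 'Unknown device; being traced to a switch port'

# 2. Reservation-level options override the scope defaults for this client.
#    Router (option 3) and DNS (option 6) set to the client's own address means
#    every off-subnet packet and every name lookup goes nowhere.
Set-DhcpServerv4OptionValue -ComputerName $Dhcp -ReservedIP $Quarantine `
    -Router $Quarantine -DnsServer $Quarantine

# 3. Confirm that only this reservation carries the override; the scope's own
#    options (shown second) should still be the real gateway and resolvers.
Get-DhcpServerv4OptionValue -ComputerName $Dhcp -ReservedIP $Quarantine |
    Format-Table OptionId, Name, Value
Get-DhcpServerv4OptionValue -ComputerName $Dhcp -ScopeId $Scope |
    Format-Table OptionId, Name, Value
```

Two caveats a practitioner would want: the client keeps its current lease until it renews (by default at half the lease time), so the override is not instant unless the lease is short or the device reconnects; and the reservation follows the MAC, so a device that changes its MAC or sets a static address, as a later post in this thread points out, walks straight out of the quarantine. The switch-port trace is still the real fix.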
 
Is this happening during business hours or off business hours? We had a similar issue where a user brought in a Linksys router so he could have his PC and laptop connected to the network at the same time. So we explained to him that he wasn't to do that and got him set up with a second data jack that just needed to be patched into the switch for that area.

What I'd do is, if you know his/her MAC address, then I'd let him continue doing what he/she is doing, as long as they're not doing any harm, and trace them out to the desk. Once I know where they're sitting, then either show up in person or with the appropriate people and catch him/her in the act. Or if this is occurring off hours, still trace them out to what desk they used and what time, and go through appropriate channels to find out who it was and then why.

Depending on why they are doing what they do, they may use a device/application that can do MAC spoofing, which could lead to other issues.

Good Luck, just my 2cents
 
- Do you have a documented policy against people plugging non-company owned equipment into your network?
- Do you have managed switches in your environment? If you did, you would be able to track down this traffic to the port level - which you could then trace back to the individual cube/desk.

We partner with our users here - we not only let them know what they are not supposed to do, we make sure they understand WHY - We see situations you describe as a teaching opportunity and treat it as such. Only when we see someone breaking the rules on a regular basis do we seek other alternatives. I like the idea of redirecting all web traffic for this person to a web site you set up that provides links to the company policies - no matter what web address they try to go to, they end up there instead. We already do something like that for Youtube and Myspace. :)

Good luck,
 
I work for a school district and yes we have an Acceptable Use Agreement that states that this type of activity is prohibited. We only have managed switches at the campus level and our IP scheme specifies the campus, so I know which school he's at. But below that level, the switches are unmanaged (money).
My intent when I catch him is to explain things to him in a manner similar to what you've described. Although I will be comparing his name to our list of "people of interest". A positive correlation there may change our methods. :)

I am interested in your suggestion to redirecting his web traffic. Could you point me somewhere I can figure out how to set that up?
Thanks for your help
 
Although the redirection is good, it could be done either through your DHCP server or through policy-based routing. For both of these you'd need to reference the knowledge base/user guides for the type of devices you're using. The one problem with it is, if he/she has any reasonable technical skill, he/she will start spoofing MAC addresses. This can be done with a Linksys router, and most other broadband/DSL router firewalls.

Are you able to determine which unmanaged switch he/she is on? If so, and if it's always the same one, set up a modem to dial into and console into the unmanaged switch. Then you should be able to trace it out.

good luck
 
Hi Spaulding.
Do you have a DNS server and a web server at that school? I will have to do some research on redirection using MAC addresses and see if I can dig up anything for you. We have done this for an entire site before, but not for just one MAC address.
 
We had that issue not so long ago. We simply used the Vendor ID tag on the DHCP server. Using logon/logoff scripts the authorized machines would pull the vendor ID.

In DHCP we separated the vendor ID to give the proper info while a machine not in AD would be given false gateway and DNS.

Killed all the linksys routers and people bringing in their home machines. However if the person is skillful they will simply static the gateways/dns servers ;)

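The class-based split described in the post above, as an added example that is not the poster's configuration: scope defaults that lead nowhere, with the real gateway and DNS handed only to clients that present a class string set by a logon script. The post calls it a vendor ID; this example uses a DHCP user class instead, because on Windows DHCP the standard router and DNS options can be assigned per user class, whereas options defined under a custom vendor class are delivered encapsulated in option 43 and the client does not treat them as its router or resolvers. The server name, scope, addresses, class string and interface name are all assumed placeholders.

```powershell
# Added example (not from the thread): unclassified clients get dead-end
# options; clients carrying the user class get the working ones.
# All names and addresses are assumed placeholders.
Import-Module DhcpServer

$Dhcp       = 'dhcp01.example.edu'    # DHCP server (assumed)
$Scope      = '10.20.0.0'             # scope to split (assumed)
$ClassName  = 'ManagedWorkstation'    # assumed user class name on the server
$ClassData  = 'EXAMPLE-DISTRICT-PC'   # assumed string managed clients send (option 77)
$RealRouter = '10.20.0.1'             # real gateway (assumed)
$RealDns    = '10.20.0.10'            # real resolver (assumed)
$DeadAddr   = '10.20.0.254'           # assumed unused address that answers nothing

# 1. Scope-level defaults: this is what a home laptop or a Linksys router's
#    WAN port receives when it presents no class at all.
Set-DhcpServerv4OptionValue -ComputerName $Dhcp -ScopeId $Scope `
    -Router $DeadAddr -DnsServer $DeadAddr

# 2. Define the user class whose string the managed machines will send.
Add-DhcpServerv4Class -ComputerName $Dhcp -Name $ClassName -Type User `
    -Data $ClassData -Description 'District-managed clients'

# 3. Class-level options override the scope defaults for clients that present
#    the class, so only they get the working gateway and resolver.
Set-DhcpServerv4OptionValue -ComputerName $Dhcp -ScopeId $Scope `
    -UserClass $ClassName -Router $RealRouter -DnsServer $RealDns

# 4. Show what an unclassified client and a classed client will each receive.
Get-DhcpServerv4OptionValue -ComputerName $Dhcp -ScopeId $Scope |
    Format-Table OptionId, Name, Value
Get-DhcpServerv4OptionValue -ComputerName $Dhcp -ScopeId $Scope -UserClass $ClassName |
    Format-Table OptionId, Name, Value

# Client side (runs from the logon script on a managed machine; the adapter
# name is a placeholder). The class ID persists across reboots until cleared,
# so the logoff script runs the second form to drop it.
#   ipconfig /setclassid "Ethernet" EXAMPLE-DISTRICT-PC
#   ipconfig /setclassid "Ethernet"
```

As the post says, this only filters the careless: the class string travels in clear text in every DHCP request, and anyone who captures it, or simply configures a static address with the real gateway, gets full access. Treat it as a convenience control, not an access control.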
 