block unauthorized computers


petenr

I have found several unauthorized computers on my network
and I would like to block them from getting an IP address
through DHCP. I know the names of the computers, but I do
not know what OS they are running, or the location of the
computers. My network consists of several Windows 2000
servers in a domain/Active Directory environment.

I have sent a message to the computers using net send to
have the users call me, but they didn't... Any suggestions
on how to block these computers from gaining access to
network resources?
Thanks!
 
One way is to create a DHCP scope for authorized computers that only has reservations,
but that is only practical for the smallest networks and still will not block a
statically configured computer. What will work are switches that use MAC address
tables to control network access, or 802.1X authenticating switches that work in
conjunction with RADIUS servers and PKI. Of course those are not cheap solutions.
Assuming these machines are not domain members, IPsec can possibly be used to protect
access to domain resources. Domain W2K servers configured with an IPsec "require" policy
will not be accessible to non-domain computers using default Kerberos machine
authentication. IPsec should not be implemented without first reading documentation
and thorough testing, and realizing domain controllers cannot use IPsec for
communications with domain members. IPsec can also be configured to use just AH and
not IPsec to reduce the overhead of encryption. You may be able to flush out or stop
these computers by configuring a bogus DHCP scope and creating reservations for them
based on their MAC addresses, which you can find by first pinging them and quickly
running arp -a on your computer. A network scanner such as SuperScan 4.0 [free] may be
able to give you a lot of information about these machines to help you track them
down. --- Steve

http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp
http://www.foundstone.com/index.htm...ation.htm&subcontent=/resources/freetools.htm
 
Oops. "IPsec can also be configured to use just AH and not IPsec to reduce the
overhead of encryption" should read "and not ESP to reduce overhead"... --- Steve
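The "ping, then arp -a, then compare MAC addresses" step above is a manual inventory check. As an added example (not code from the thread or from either poster), here is a small parser that reads saved `arp -a` output, normalizes the MAC addresses, skips broadcast/multicast entries, and lists every host whose MAC is not in an authorized inventory. The sample ARP table and the inventory list are constructed for illustration; it also accepts the Linux/BSD `arp -a` row format, which the thread does not mention.

```python
"""Flag ARP cache entries whose MAC address is not in an authorized inventory.

Added example; not code from the original thread. The sample `arp -a`
output and the AUTHORIZED inventory below are constructed for illustration.
"""
import re
from typing import Dict, Iterable, List, Tuple

# One ARP table row, either Windows style
#   "192.168.1.1           00-11-22-33-44-55     dynamic"
# or Linux/BSD style
#   "? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0".
_ENTRY_RE = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\D+?"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2})"
)

# Constructed sample of `arp -a` output on a Windows host (not real data).
SAMPLE_ARP = """
Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          00-0c-29-ab-cd-ef     dynamic
  192.168.1.55          aa-bb-cc-dd-ee-ff     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Constructed inventory of MACs you know belong to authorized machines.
# Mixed separators and case on purpose: inventories are rarely tidy.
AUTHORIZED = ["00:11:22:33:44:55", "00-0C-29-AB-CD-EF"]


def normalize_mac(mac: str) -> str:
    """Canonical form: lowercase, colon-separated (00:11:22:33:44:55)."""
    return mac.replace("-", ":").lower()


def is_unicast(mac: str) -> bool:
    """True unless the group bit (lowest bit of the first octet) is set,
    which marks broadcast (ff:ff:...) and multicast (01:00:5e:...) entries."""
    first_octet = int(mac.split(":")[0], 16)
    return first_octet & 0x01 == 0


def parse_arp_output(text: str) -> Dict[str, str]:
    """Return {ip: mac} for every unicast entry in `arp -a` output.
    Header lines and the 'Interface:' line contain no MAC and are skipped."""
    entries: Dict[str, str] = {}
    for line in text.splitlines():
        match = _ENTRY_RE.search(line)
        if not match:
            continue
        mac = normalize_mac(match.group("mac"))
        if is_unicast(mac):
            entries[match.group("ip")] = mac
    return entries


def find_unauthorized(entries: Dict[str, str],
                      authorized: Iterable[str]) -> List[Tuple[str, str]]:
    """Hosts seen in the ARP cache whose MAC is not in the inventory."""
    allowed = {normalize_mac(m) for m in authorized}
    return sorted((ip, mac) for ip, mac in entries.items() if mac not in allowed)


def report(text: str = SAMPLE_ARP,
           authorized: Iterable[str] = AUTHORIZED) -> List[Tuple[str, str]]:
    """Parse and compare in one call; returns the unauthorized (ip, mac) pairs."""
    return find_unauthorized(parse_arp_output(text), authorized)


if __name__ == "__main__":
    for ip, mac in report():
        print(f"unknown host {ip} with MAC {mac}")
```

Because an ARP cache only holds hosts that have recently exchanged traffic with the machine you run it on, pinging the suspect names first (as Steve describes) populates the cache before you capture `arp -a`; the pairs this returns are what you would enter as reservations in the DHCP scope.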

 