  1. #1
    Untangler
    Join Date
    Sep 2008
    Location
    Asia
    Posts
    40

    Users change their IP address to IPs in pass list

    Hello,

    Need help on how to block users probably using MAC address?
    We discovered some users changing their IP addresses to those
    they know are in the pass list.

    Any way to block by MAC address, other than removing admin rights
    on their workstation? We are not running Active Directory.

    Thanks.

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,542

    The only thing Untangle has for this is an IP reservation... but if they are manually changing their IP address Untangle can't prevent it.

    The only way to prevent this is to remove users from the admin group. You can thank Microsoft.

    Oh, and before you ask MAC level filtering isn't going to help. MAC addresses can be changed just as easily as IP addresses.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangler mikepb's Avatar
    Join Date
    Oct 2009
    Posts
    49

    Not NEAR as easily. Show me a Windows configuration interface to do it...

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,542


    1.) Right click my computer, click manage
    2.) select the device manager
    3.) Expand Network Adapters
    4.) Select the LAN adapter, right click it, select properties
    5.) Select the Advanced Tab
    6.) Select the Network Address option in the Property box
    7.) Change the option on the right to Value: type in the new MAC address into the box.
    8.) Click OK

    It requires the same rights as it does to change the IP address. Unless you remove local admin rights from the user, they have free rein to change the MAC and IP address via the GUI at will.

    Real defenses against this behavior are upgraded switches with Network Access Control enabled. It isn't up to the edge security appliance to control bad workstation security. It's up to that appliance to contain bad workstation security to the local network.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Master Untangler johndball's Avatar
    Join Date
    Apr 2008
    Location
    Virginia
    Posts
    179


    Do you have a block of IP addresses set to the pass list or individual IP addresses? If you have individual addresses set then they should be conflicting with other IP addresses on the network and Windows will display a message "IP Address Conflict" or something to that effect.

    If you have a reserved block of addresses, say .10-.30, then you might want to ditch the block reservation and go with individual IP address reservations.

  6. #6
    Untangler
    Join Date
    Feb 2009
    Posts
    98

    You can set it, locally or by group policy, so that users cannot change it.

    Start -> Run -> GPedit.msc

    Browse to: User configuration -> Administrative Templates -> Network -> Network Connections

    The two keys you want to change are "Prohibit access to properties of components of a LAN configuration" and the other is: "Prohibit TCP/IP advanced configuration".

    First change the LAN settings to DHCP before changing the policy. I have not tested it, but I think this must work.

  7. #7
    Untangler mikepb's Avatar
    Join Date
    Oct 2009
    Posts
    49

    I stand corrected about the Windows interface to change the MAC. I don't think that is quite as easy, or understood by casual users.

    The point someone made was that NAC is the only sure way to do it - OR send Guido after them. I guess that is what will have to be done. I have not had any of my users changing MAC addresses yet, that I know of...
    Michael P. Brininstool, CISSP
    OLD Unix Geek
    OLD Network Engineer
    Untangle noob!

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,542


    Right, but that is also why I don't use static IP configurations for clients. I use ranges for configurations certainly, but everything is handled with a DHCP reservation. If I start seeing scope violations... I know I have an issue.

    That and the users that are savvy enough to change the IP are a bit more reserved about changing their units from dynamically assigned to static for some reason...
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
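
An added example, not part of the thread or any poster's code: a sketch of the "scope violation" check from post #8, combined with the IP-conflict signal from post #5. It compares ARP observations against DHCP reservations and flags pass-listed addresses held by the wrong MAC. All addresses, MACs and the `audit` function are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the thread): DHCP reservations, MAC -> IP.
RESERVATIONS = {
    "00:11:22:33:44:10": "192.168.1.10",   # pass-listed PC
    "00:11:22:33:44:11": "192.168.1.11",   # pass-listed PC
    "00:11:22:33:44:50": "192.168.1.50",   # ordinary workstation
    "00:11:22:33:44:51": "192.168.1.51",   # ordinary workstation
}
PASS_LIST = {"192.168.1.10", "192.168.1.11"}

# Constructed ARP observations (ip, mac) as the gateway might see them.
ARP_SEEN = [
    ("192.168.1.10", "00:11:22:33:44:10"),
    ("192.168.1.50", "00:11:22:33:44:50"),
    ("192.168.1.11", "00:11:22:33:44:51"),  # workstation .51 now claims .11
    ("192.168.1.10", "00:11:22:33:44:99"),  # unreserved MAC also claims .10
]

def audit(arp_seen, reservations, pass_list):
    """Return sorted (ip, mac, finding) tuples for entries that break a reservation."""
    reserved = {mac.lower(): ip for mac, ip in reservations.items()}
    macs_by_ip = defaultdict(set)
    for ip, mac in arp_seen:
        macs_by_ip[ip].add(mac.lower())
    findings = []
    for ip, macs in macs_by_ip.items():
        for mac in macs:
            reserved_ip = reserved.get(mac)
            if reserved_ip == ip:
                continue  # host is using the address reserved for it
            # Known host on an address not reserved for it, or a MAC with no reservation.
            kind = "unknown-mac" if reserved_ip is None else "scope-violation"
            if ip in pass_list:
                kind += "+pass-list"
            if len(macs) > 1:
                kind += "+ip-conflict"  # two MACs answering for one IP
            findings.append((ip, mac, kind))
    # A host that copies both the MAC and the IP of a reservation passes this check.
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(ARP_SEEN, RESERVATIONS, PASS_LIST):
        print(finding)
```
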

  9. #9
    Untangle Ninja Mathiau's Avatar
    Join Date
    Feb 2008
    Location
    Costa Frickn' Rica
    Posts
    1,630

    You should tell the boss of the abusers so they can inform them it is a violation of the terms and they can be written up or warned about it.

    Then get better control over your network's desktops.

  10. #10
    Untangler
    Join Date
    Oct 2008
    Posts
    84

    Software and hardware can only do so much. Report them for attempting to bypass the filter and let the boss handle it.
