+ Post New Thread
Results 1 to 4 of 4
How do you do....it? Thread, Rogue Laptops on Network in Technical; Hi People, We have a problem with unknown laptops appearing on the network. We use DHCP meaning as soon as ...
  1. #1
    acrobson's Avatar
    Join Date
    May 2007
    Location
    Tyne & Wear
    Posts
    519
    Thank Post
    5
    Thanked 6 Times in 6 Posts
    Rep Power
    17

    Rogue Laptops on Network

    Hi People,

    We have a problem with unknown laptops appearing on the network. We use DHCP meaning as soon as they plug in they get an IP address. We have unpatched any non-used network points; however they then just unplug a desktop and use its network cable.

    Does anyone know or use any utilities that can either take the laptop down or determine where it is etc.

    We have attempted to gain access with remote tools etc however there using Norton from what we can tell and it's blocks us obviously!

    We used to have this problem a while back where students purchased laptops through the college, with this we just named the laptops with a unique ID and recorded there MAC address and blocked them that way.

    All ideas welcome!

  2. #2

    Join Date
    May 2006
    Location
    Leicestershire
    Posts
    345
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Rogue Laptops on Network

    we use machine authentication using 802.1X here so its impossible for rouge laptops to just plug in...

    Also could you not check on your switches which port the laptop is connecting to and then find the person in question.... this is only useful if you are talking about 1 person, if there are many then it dont make sense.

    http://netdisco.org/ This is also a very powerful tool but im unsure how much it costs...

    Cheers

    N

  3. #3

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Rogue Laptops on Network

    You want some form of Network Access Control (NAC). You can use PacketFence to do this.

    It works like this. Basically when you first connect an 'unknown' laptop, you'll end up being sent to PacketFences captive web portal (just like a wifi hotspot). You then need to authorise it with a valid domain login (you can restrict this to a paticular group if you like, just staff for example). It'll get scanned with Nessus (if you want) and assuming it gets a clean bill of health it'll be allowed on the network. From then on it'll be monitored through snort and periodically scanned. If it fails a scan, or triggers a snort alert you deem 'bad' it'll be arp poisioned off the lan. You can then go shout at whoever authorised it.

  4. #4
    acrobson's Avatar
    Join Date
    May 2007
    Location
    Tyne & Wear
    Posts
    519
    Thank Post
    5
    Thanked 6 Times in 6 Posts
    Rep Power
    17

    Re: Rogue Laptops on Network

    Quote Originally Posted by Geoff
    You want some form of Network Access Control (NAC). You can use PacketFence to do this.

    It works like this. Basically when you first connect an 'unknown' laptop, you'll end up being sent to PacketFences captive web portal (just like a wifi hotspot). You then need to authorise it with a valid domain login (you can restrict this to a paticular group if you like, just staff for example). It'll get scanned with Nessus (if you want) and assuming it gets a clean bill of health it'll be allowed on the network. From then on it'll be monitored through snort and periodically scanned. If it fails a scan, or triggers a snort alert you deem 'bad' it'll be arp poisioned off the lan. You can then go shout at whoever authorised it.
    Thanks Geoff, i have seen that before, i am in the position of trying to implement it with my Network manager, however he has a long Research & Development process, which is more than likely going to be the summer holidays, apparently.

    This has just confirmed that we do need something like!

SHARE:
+ Post New Thread

Similar Threads

  1. Connecting non RM laptops to a CC3 network
    By pbed77789 in forum Network and Classroom Management
    Replies: 26
    Last Post: 16th June 2010, 02:18 PM
  2. Teachers laptops on wireless network
    By bishopsgarthstockton in forum Wireless Networks
    Replies: 21
    Last Post: 27th February 2009, 08:53 AM
  3. Replies: 8
    Last Post: 9th November 2007, 01:33 PM
  4. Rogue Devices
    By palmer_eldritch in forum How do you do....it?
    Replies: 20
    Last Post: 25th April 2007, 12:30 PM
  5. Staff laptops: Letting 'em install network software
    By eean in forum How do you do....it?
    Replies: 3
    Last Post: 13th September 2006, 08:08 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •