+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 26
Windows Thread, Block Student Laptops in Technical; OK. Some bright student has found out the IP address of our proxy server (internal). We're not happy with them ...
  1. #1

    Join Date
    Apr 2007
    Location
    York
    Posts
    548
    Thank Post
    8
    Thanked 4 Times in 4 Posts
    Rep Power
    19

    Block Student Laptops

    OK.
    Some bright student has found out the IP address of our proxy server (internal).
    We're not happy with them using the internet on weekends and evenings via their laptops.
    I can secure the Wifi points so they can't connect via them. Is there a way to block them having access when plugged in? Can find out the MAC address if need be.
    Many thanks.
    PS - Not using ISA

  2. #2
    rad
    rad is offline
    rad's Avatar
    Join Date
    Jan 2009
    Location
    Middlesex
    Posts
    2,385
    Thank Post
    311
    Thanked 295 Times in 224 Posts
    Rep Power
    106
    The MAC address would be the only way to definatly block them and lock the Wireless.

    Only way they can get on again is by using another laptop.

  3. #3

    Join Date
    Apr 2007
    Location
    York
    Posts
    548
    Thank Post
    8
    Thanked 4 Times in 4 Posts
    Rep Power
    19
    How can your block with MAC Address?

  4. #4

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,392
    Thank Post
    797
    Thanked 1,588 Times in 1,391 Posts
    Blog Entries
    10
    Rep Power
    427
    Im lost here, why does it matter if they have your proxy server IP? Surely a WIFI key would sure the problem of them getting an internet connection.

  5. #5

    Join Date
    Apr 2007
    Location
    York
    Posts
    548
    Thank Post
    8
    Thanked 4 Times in 4 Posts
    Rep Power
    19
    Yeah but some decide to plug in too with patch cable !!

    Looking for a FREE way if possible to block both

  6. #6

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,392
    Thank Post
    797
    Thanked 1,588 Times in 1,391 Posts
    Blog Entries
    10
    Rep Power
    427
    Is it a boarding school? Are you using ISA?

  7. #7

    Join Date
    Apr 2007
    Location
    York
    Posts
    548
    Thank Post
    8
    Thanked 4 Times in 4 Posts
    Rep Power
    19
    Yes its a boarding school and no we're not using ISA.
    We're using Avantis ContentCache

  8. #8

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,144
    Thank Post
    113
    Thanked 518 Times in 447 Posts
    Blog Entries
    2
    Rep Power
    121
    Quote Originally Posted by rad View Post
    The MAC address would be the only way to definitely block them and lock the Wireless.

    Only way they can get on again is by using another laptop.
    Or they could just sniff the traffic using wireshark, find a MAC address which does work and set their MAC address to match. Quite a few network card drivers allow you to specify the MAC address you want to use (eg my laptop has a Broadcom and there's a simple option in Windows to just enter an address)

    A few things I can think of; 802.1x authentication on your switches could block access (it might take time to set up but if you already have a Radius server it's probably not too hard). If you can specify times on the proxy server when certain users are allowed then that might be an easy way (ISA does this which doesn't help; pretty sure you can do it with Squid)

  9. #9

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,392
    Thank Post
    797
    Thanked 1,588 Times in 1,391 Posts
    Blog Entries
    10
    Rep Power
    427
    What content filter do you have?

    You could find the mac of the laptop and give it a dummy address in DHCP.

  10. #10

    Join Date
    Apr 2007
    Location
    York
    Posts
    548
    Thank Post
    8
    Thanked 4 Times in 4 Posts
    Rep Power
    19
    Another thread on here says that you can block the MAC address in dhcp so PC Doesn't pick up an IP?

    Content Filter provided by ISP and a bit via the ContentCache.

  11. #11

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    8,941
    Thank Post
    232
    Thanked 1,510 Times in 1,206 Posts
    Rep Power
    328
    It's difficult as there's no 'real' way to stop this. DHCP was designed to seek and allocate an IP to any device it finds. In saying that, you could schedule DHCP server to stop and then restart an hour before you get into work

    Code:
    @echo off
    net stop "DHCP Server"
    Exit
    Code:
    @echo off
    net start "DHCP Server"
    Exit
    This wouldn't stop them entering a static IP however. You could also put a Power Timer on all switches so they power off, apart from your core switch with your servers and admin workstations. This would definitely sort them out

  12. #12

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,392
    Thank Post
    797
    Thanked 1,588 Times in 1,391 Posts
    Blog Entries
    10
    Rep Power
    427
    Even better setup something on your proxy to power it down and up again. A script to disable the NIC and start it again.

    If you had ISA you could configure it so only machines in AD and use the internet.

  13. #13

    Join Date
    Mar 2009
    Location
    Ayrshire, Scotland
    Posts
    78
    Thank Post
    8
    Thanked 5 Times in 5 Posts
    Rep Power
    11
    What about blocking your proxy server internet access in your firewall outside school hours.

    This would block everyone's internet so it's prob not the solution your after!

  14. #14


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,448
    Thank Post
    865
    Thanked 839 Times in 662 Posts
    Rep Power
    194
    1. Get a proxy/filter which has AD authentication
    2. Set a rule banning 'net access for students and the terminally unauthenticated after 10pm or what have you
    3. job done

  15. #15

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,881
    Thank Post
    1,316
    Thanked 1,738 Times in 1,087 Posts
    Blog Entries
    19
    Rep Power
    563
    If you want to be horrible then you could have DHCP running but all clients are assigned a reserved IP based on MAC address, the remainder of the scope passes it to a different gateway ... one that goes nowhere.

    They get an address and gateway but it buggers them up for a bit ... just a bit of an inconvenience but every bit that is another layer of annoyance is fun.

    As mentioned previously, AD assigned authentication internally would work on a filter (AD authentication of client on teh domain as well as the user)

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Providing wireless internet access for student laptops
    By meastaugh1 in forum How do you do....it?
    Replies: 9
    Last Post: 2nd February 2008, 02:39 PM
  2. Licenses & Student Owned Laptops
    By byron67 in forum Educational Software
    Replies: 5
    Last Post: 15th January 2008, 09:29 AM
  3. Replies: 1
    Last Post: 24th July 2007, 08:10 PM
  4. what do you do - student laptops on domain
    By e_g_r in forum School ICT Policies
    Replies: 5
    Last Post: 13th June 2007, 08:56 AM
  5. Student Laptops / Domain access...
    By Ben_Stanton in forum How do you do....it?
    Replies: 8
    Last Post: 3rd May 2007, 09:36 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •