  1. #1
    reggiep

    How to block laptop via MAC and DHCP?

    I am struggling to remove Kido/Conficker from my network at the moment. I have a tool from McAfee which scans your network to let you know which machines are infected. Bizarrely it only showed three machines whereas Kaspersky is telling me that every machine has an infection (perhaps it isn't a full infection?).
    Anyway, when I ran the scanner I found two of the three machines and ran a Kido removal tool. They are now showing up as clean on the scanner. My problem is with the third which is showing as a laptop (old naming convention we used to have).
    I would like to block it from the network via DHCP so it won't connect to my network. Hopefully then the owner will show up complaining and then I can zap it and them!

    So I'm looking at DHCP and scratching my head?

    Can someone help?

    Thanks

  2. #2

    bladedanny
    Only thing I can think of at the moment is if it's part of a domain, could you not disable the computer account?

    Hope this helps,

    Dan

  3. #3
    leon999uk
    Quote: Originally Posted by bladedanny
    Only thing I can think of at the moment is if it's part of a domain, could you not disable the computer account?

    Hope this helps,

    Dan

    Please someone correct me if I am wrong...
    But disabling the account is fine, thus stopping any user from logging onto the machine. But if it still connects or is connected to the network, via wireless / Ethernet cable, it will still spread the virus!

  5. #4


    Quote: Originally Posted by leon999uk
    Please someone correct me if I am wrong...
    But disabling the account is fine, thus stopping any user from logging onto the machine. But if it still connects or is connected to the network, via wireless / Ethernet cable, it will still spread the virus!

    Correct; if it gets an IP from DHCP it will still be able to communicate on the network.

    Reggiep, try connecting to the laptop from another machine via \\nameofmachine\c$ and look in Documents and Settings and see whose username is the newest modified one, might help pinpoint the owner.

  6. #5
    leon999uk
    Quote: Originally Posted by kmount
    Correct; if it gets an IP from DHCP it will still be able to communicate on the network.

    Reggiep, try connecting to the laptop from another machine via \\nameofmachine\c$ and look in Documents and Settings and see whose username is the newest modified one, might help pinpoint the owner.

    If you are worried about the virus spreading maybe try disabling ports on the firewall?

    I know we have 2 domains here and had a really bad virus outbreak a few years back and our network technician, I believe, blocked firewall access to stop it from spreading to the other domain.

    Not sure if you are running 2 domains, but just an idea if you are.
    Last edited by leon999uk; 9th October 2009 at 04:16 PM.

  7. #6
    ccs
    Try assigning a bogus (an address not in your normal IP range) IP address that is associated to that MAC address via DHCP. This should prevent them from connecting to the Internet and local LAN, thus seeking your help!
    -Steve

  8. #7


    How about some software to help you?

    Not sure if this might be of use to you:

    Network Access Control Advanced - Sophos

  9. #8


    Assuming you have a record of the laptop's current (or previous) IPs, search in the AD security log to find out which user logged into the domain from that machine?

    Blackholing them on DNS would work too. If they connect wirelessly, you should be able to block them from connecting via blocking them either at the RADIUS server or on the APs / controller.
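
Added example, not part of any post in this thread: blocking by MAC, or searching a security log by IP, first requires the laptop's MAC address and lease history, which the DHCP server's audit log can supply from the computer name. The Python below assumes the comma-separated Windows DHCP Server audit log layout (ID, Date, Time, Description, IP Address, Host Name, MAC Address) with event IDs 10 and 11 for a new lease and a renewal; the host names, addresses and log lines are constructed.

```python
import csv
from collections import defaultdict

# Constructed sample in the assumed audit log layout; not real data.
SAMPLE_LOG = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,10/08/09,08:00:00,Started,,,
10,10/08/09,08:41:02,Assign,10.0.4.57,LAPTOP-17.school.example,001A2B3C4D5E
11,10/08/09,12:41:05,Renew,10.0.4.57,LAPTOP-17.school.example,001A2B3C4D5E
10,10/08/09,09:02:40,Assign,10.0.4.80,ROOM12-PC03.school.example,00AABBCCDDEE
12,10/08/09,15:30:11,Release,10.0.4.57,LAPTOP-17.school.example,001A2B3C4D5E
10,10/09/09,08:38:47,Assign,10.0.6.112,laptop-17.school.example,00-1a-2b-3c-4d-5e
"""

LEASE_EVENTS = {"10", "11"}  # assumed IDs: 10 = new lease, 11 = renewal


def normalize_mac(raw):
    """Reduce any common MAC notation to 12 upper-case hex digits, or None."""
    digits = "".join(c for c in raw if c not in "-:. ").upper()
    ok = len(digits) == 12 and all(c in "0123456789ABCDEF" for c in digits)
    return digits if ok else None


def lease_history(log_text, hostname):
    """Map MAC -> ordered (date, time, ip) lease events for one computer name."""
    history = defaultdict(list)
    for row in csv.reader(log_text.splitlines()):
        if len(row) < 7 or row[0].strip() not in LEASE_EVENTS:
            continue  # header, service start/stop, releases, short lines
        _, date, time, _, ip, host, mac = (f.strip() for f in row[:7])
        mac = normalize_mac(mac)
        # Compare the short name only, case-insensitively
        if mac and host.lower().split(".")[0] == hostname.lower():
            history[mac].append((date, time, ip))
    return dict(history)


def addresses_held(history):
    """Distinct IPs per MAC in first-seen order, for searching other logs."""
    return {mac: list(dict.fromkeys(ip for _, _, ip in events))
            for mac, events in history.items()}


if __name__ == "__main__":
    found = lease_history(SAMPLE_LOG, "LAPTOP-17")
    for mac, ips in addresses_held(found).items():
        print(mac, ips)
```

More than one MAC for the same name usually means the laptop has used both its wired and wireless adapters, so each would need blocking.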

  10. #9
    ChrisH
    I found the best way to disinfect everyone was to run the MS Malicious Software Removal tool in a startup or shutdown script. There are all kinds of service entries and other files it leaves around. Make sure you disable system restore in GP as well.

  11. #10
    Cache
    You could try using the callout DLL: Microsoft Windows DHCP Team Blog: DHCP Server Callout DLL for MAC Address based filtering

    If I remember rightly from when I played about with it, it worked well, although if the laptop already has a lease it might take until the lease has expired before it will stop working completely, but I can't remember if that's exactly right or not.
