Computer networks
Evgeny Solomin, 2015-11-30 09:59:22

How to block an address (MAC - IP)?

Good afternoon colleagues!
Question from the network troubleshooting segment ;-)
There is a network 192.168.1.0/24, the gateway is 192.168.1.1 (Mikrotik);
The first ten addresses 192.168.1.2-192.168.1.11 - Ubiquiti UniFi APLR;
The rest 192.168.1.15-192.168.1.254 - DHCP Clients (distribution via WiFi).
The network is open (it should always be open).
Someone took an access point (it is not known where, it is not known from which manufacturer) and configured 192.168.1.1 on it, after which the network collapsed.
Now, as you understand, clients have Internet for 5 minutes, and they don't have it for 5 minutes, and so on cyclically.
The MAC address of this point, theoretically (practically), can be found out.
Please tell me, maybe you know the tools that will allow you to block this point in this network segment? Or advise what best to do so that such a situation does not happen again in the future?
Thanks in advance for your answers.


3 answer(s)
Cool Admin, 2015-11-30
@ifaustrue

1. Determine the mac address of the intruder using the ping and arp commands with the "valid" gateway turned off.
2. In the software of access points, enter the mac address of the offender in the black list.
3. Profit.
It's extremely hard to make sure it doesn't happen again. This IP does not have straightforward mechanisms of protection against such attacks. Some switches can, but from the description, your hardware can't.
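
A passive complement to step 1, as an added example that is not part of the original answer: it reads lines in the style of `tcpdump -n arp` output and reports any MAC, other than the known gateway's, that answers for the gateway IP. The capture lines, the MAC addresses and the function names are constructed for illustration, and it assumes the administrator knows the real gateway's MAC.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -n arp` output; all MACs are made up.
SAMPLE_CAPTURE = """\
09:41:02.100 ARP, Reply 192.168.1.1 is-at 4c:5e:0c:aa:bb:01, length 46
09:41:02.350 ARP, Reply 192.168.1.1 is-at 02:00:00:DE:AD:01, length 46
09:41:03.000 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 46
09:41:03.010 ARP, Reply 192.168.1.20 is-at 02:00:00:00:00:20, length 46
09:46:10.500 ARP, Reply 192.168.1.1 is-at 02:00:00:de:ad:01, length 46
09:46:10.720 ARP, Reply 192.168.1.1 is-at 4c:5e:0c:aa:bb:01, length 46
"""

# Assumption: the administrator knows the real gateway's MAC.
KNOWN_GATEWAY = {"192.168.1.1": "4c:5e:0c:aa:bb:01"}

REPLY_RE = re.compile(
    r"Reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

def claims_by_ip(capture):
    """Map each IP to {mac: number of ARP replies claiming that IP}."""
    claims = defaultdict(lambda: defaultdict(int))
    for line in capture.splitlines():
        match = REPLY_RE.search(line)
        if match:
            claims[match.group(1)][match.group(2).lower()] += 1
    return claims

def find_conflicts(capture, trusted):
    """Return {ip: [MACs to investigate]} for contested or spoofed addresses."""
    conflicts = {}
    for ip, macs in claims_by_ip(capture).items():
        expected = trusted.get(ip)
        if expected is not None:
            suspects = sorted(m for m in macs if m != expected.lower())
        elif len(macs) > 1:
            suspects = sorted(macs)  # no trusted binding: list every claimant
        else:
            suspects = []
        if suspects:
            conflicts[ip] = suspects
    return conflicts

if __name__ == "__main__":
    for ip, macs in find_conflicts(SAMPLE_CAPTURE, KNOWN_GATEWAY).items():
        print(f"{ip} is also claimed by: {', '.join(macs)}")
```

The MAC it reports is the one to put on the access points' black list in step 2.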

Oleg Tsilyurik, 2015-11-30
@Olej

There is a network 192.168.1.0/24, the gateway is 192.168.1.1 (Mikrotik);

And you transfer the default IP (gateway) somewhere to the end of the subnet range ... 192.168.1.200 ;-)
The address 192.168.*.1 is the most traditional one, therefore, due to thoughtlessness or spite, they most often land on it.

Vladimir Zhurkin, 2015-12-01
@icCE

On local interfaces, enable reply-only or look into traffic segmentation.
In the ARP list, manually bind the MAC addresses and IP addresses of the router.
Make a rule that will simply drop rogue UDP 67/68 from other MAC addresses.
Additionally, look into MikroTik DHCP snooping.
