How can I expire a DHCP lease on a Rogue Device?

0 Votes
Locked

teligence
I need to drop DHCP assignments for such things as internet radios, mobile phone wifi, etc. on my networks. I use the DHCP Server services of Windows Server 2003. I know it can be done on Windows PCs via "ipconfig /release", etc., but that doesn't work on other devices as mentioned.
  • 0 Votes
    robo_dev

    For many devices the answer is 'you cannot do that' unless you bounce the power connection or disable/enable the wifi radio in the device.

    WiFi networks in places like train stations set the DHCP lease time to a very short time, like 15 minutes.

    Not sure, overall, what you are trying to do, since nothing prohibits a rogue device from getting a new IP address immediately after DHCP lease expires or simply setting a static address.

    2 Votes
    geekfelix

    I think it might be better to identify the MAC addresses of known devices and set up a whitelist for those, then prohibit any others from connecting.
    Every network device has a MAC address to identify it. If you can identify which MACs belong to the rogue devices you should be able to block them on your router.
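The MAC whitelist approach above, as an added example that is not part of the original thread: a small Python audit that normalises MAC formats (Windows DHCP tools print them with dashes, other tools use colons or no separator) and flags leases whose MAC is not on the allowlist. The lease lines and the allowlist are constructed sample data; as robo_dev notes, a device that sets a static address never appears in the lease list at all.

```python
import re
from dataclasses import dataclass

# Constructed sample lease listing (not taken from any real server). MACs are
# deliberately in mixed formats, which is what you get when combining output
# from Windows DHCP tools and other network tools.
SAMPLE_LEASES = """\
192.168.1.20  00-1A-2B-3C-4D-5E  ws-finance-01
192.168.1.21  00:1a:2b:3c:4d:5f  ws-finance-02
192.168.1.77  A4-C3-F0-11-22-33  android-8f2c
192.168.1.78  001a2b3c4d60       printer-hr
192.168.1.90  00-1A-2B-3C-4D-5E  ws-finance-01
"""

# Hypothetical allowlist of known corporate MACs, also in mixed formats.
ALLOWLIST = {"00:1A:2B:3C:4D:5E", "00-1a-2b-3c-4d-5f", "001A2B3C4D60"}

_MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2}$|^[0-9A-Fa-f]{12}$")


def normalize_mac(mac: str) -> str:
    """Return the MAC as 12 lowercase hex digits; reject anything else."""
    mac = mac.strip()
    if not _MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return re.sub(r"[-:]", "", mac).lower()


@dataclass(frozen=True)
class Lease:
    ip: str
    mac: str
    hostname: str


def parse_leases(text: str) -> list[Lease]:
    """Parse 'ip mac [hostname]' lines; blank or short lines are skipped."""
    leases = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        host = parts[2] if len(parts) > 2 else ""
        leases.append(Lease(parts[0], normalize_mac(parts[1]), host))
    return leases


def unknown_leases(text: str, allowlist) -> list[Lease]:
    """Leases whose MAC is not allowlisted: candidates for a deny entry."""
    allowed = {normalize_mac(m) for m in allowlist}
    return [lease for lease in parse_leases(text) if lease.mac not in allowed]
```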

    0 Votes
    Rob Kuhn

    When I think of rogue devices I'm thinking of devices that should not be on my network at all.

    Since you mentioned internet radio as an example, this is something that a proxy server or some sort of web/content monitoring server/service/appliance would handle better. Since I don't know the size of your network or how it's built, a proxy server might be too difficult to inject. Not to mention the time and resources required to set up, configure and maintain.

    At my last company, before I put in any sort of filtering, I authored and enforced a general computer usage policy. Said policy touched on acceptable usage (there are times when internet radio/podcasts are required).

    I worked with HR and with the other managers before enforcing (HR pushed it out to the employees to read and sign, then later it was included into the employee handbook).

    Even though it was *my* network, I now had something that I could fall back onto if I had to take action for misuse; the employee was now aware that certain activities were not allowed and that consequences could result. It also helped protect the company.

    The original policy was very general so it gave the employee the ability to make an argument to justify his/her case.

    For example, the use of social networking sites and services (such as facebook, myspace, etc.) was considered not acceptable usage. But if you were in our marketing and sales department it was acceptable usage. As with some streaming services (i.e. online webinars).

    Then, as the company grew and management wished to tighten security, a proxy-type appliance was introduced into my infrastructure, at which point we were able to really control what people could and could not access.

    1 Votes
    sysadmn

    Blacklist the MAC address, then use a tool to kick them off the network. Search for "wifi kill" or "wifi kick". These tools typically reset the connection; if the device is blacklisted, it will be unable to rejoin.