How do I get someone off my network?

RedSC

I noticed today at work that I have an unauthorized computer on my network. It's in the MSHome workgroup instead of our usual workgroup and is called Mobile, so apparently somebody has brought something in and just plugged it into our network. I tried net sending a message to it, but apparently that is turned off. I deleted its DHCP lease twice, and now apparently it has a static IP address, because I can ping it, but it isn't showing up with the other DHCP computers.

Sorry for the newb question, but I'm trying to learn. How do I kick it off permanently, or at least contact it so I can find out who it is?
 

spidey07

Shut down the switch port.

Look at the router's ARP table and find the MAC address. Then locate that MAC address in your switches. Eventually trace it down to the port; from there shut it down/disable it.
 

Diaonic

You could make an exception on your DHCP server to give that particular MAC address a static IP. Then block the static IP in your firewall.

Probably not ideal and it wouldn't stop local traffic.

Spidey's solution is ideal but that requires you to have managed switches. Not everyone has those.
 

deftech

Unplug his port at the patch panel/hub/switch...all done :)

Or go find him and kick his ass...:))
 

skyking

With an unmanaged switch(es), it is laborious.
How big is the network? You said workgroup, so I hope it is less than 25 machines or so. If that is the case, I'd go find and document each device and run, if you have not already. In an unmanaged situation, I log MAC addys, description, location, and current IPs of machines in a text file. It comes in handy later on if you do get managed switches. You'll walk up to this device soon enough.
It will be good to have a map of things anyway.
 

casper114

I personally use my router to filter all MAC addresses except for the ones that I know I want on my network. That works for wireless and hard wired.
 

RedSC

The network has around 150 machines on it, with HP Procurve 4000 switches and a Cisco 1751 router. Forgive my ignorance if I confuse what I say: two months ago I was a programmer, and had never touched a network. Most of the machines are local, but we have around 20 in remote locations connected over frame relay or VPN. I think it is in this location because of the IP range it is in, but we've got computers spread out pretty far; we're a manufacturing company. I would assume I have managed switches, but don't know enough about it to say for sure. I think I can fix the problem using Diaonic's advice, but it's taking me a while between other fires to get it figured out.

Thanks for all the advice.
 

spidey07

Do you have telnet access to the routers and switches?

If so, on the router type "show ip arp x.x.x.x" where the Xs are the IP address.

Write it down.

Then go to the switch closest to the router and type "show mac cccc.cccc.cccc" where the Cs are the MAC address. That should give you the port the MAC is on. If that port goes to another switch and not a host (found out by "show mac PORT#"; if it has more than one MAC it is connected to another switch), then repeat this process until you find it.

Or if you have HP's management application you may be able to track down the MAC with that.
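
The trace described above (ARP entry on the router, then switch MAC tables until a port carries only that one MAC), as an added example that is not part of the original post. The ARP text, switch names, ports and MAC tables are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of Cisco-style "show ip arp" output (documentation addresses).
ARP_OUTPUT = """\
Protocol  Address       Age (min)  Hardware Addr   Type  Interface
Internet  192.0.2.21           4   0011.2233.4401  ARPA  FastEthernet0/0
Internet  192.0.2.57          12   0011.2233.44ff  ARPA  FastEthernet0/0
Internet  192.0.2.99           0   Incomplete      ARPA
"""
# Constructed, simplified MAC tables: switch name -> (MAC, port) pairs as they
# would be copied from each switch. Names, ports and MAC notations are made up.
MAC_TABLES = {
    "sw-core": [("001122-334401", "A1"), ("001122-3344ff", "B4"),
                ("001122-334402", "B4")],
    "sw-floor2": [("001122-3344ff", "C7"), ("001122-334402", "C2")],
}

def normalize_mac(mac):
    """Reduce dotted, dashed or colon MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def mac_for_ip(arp_output, ip):
    """Return the MAC the router holds for ip, or None if absent/incomplete."""
    for line in arp_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "Internet" and fields[1] == ip:
            try:
                return normalize_mac(fields[3])
            except ValueError:
                return None
    return None

def locate(mac, mac_tables):
    """List (switch, port, MACs seen on that port) wherever mac was learned."""
    target, hits = normalize_mac(mac), []
    for switch, entries in mac_tables.items():
        per_port = defaultdict(set)
        for entry_mac, port in entries:
            per_port[port].add(normalize_mac(entry_mac))
        hits += [(switch, port, len(macs))
                 for port, macs in per_port.items() if target in macs]
    return hits

def edge_ports(mac, mac_tables):
    """Ports where mac is the only address: likely the host's own port.
    Ports carrying several MACs are treated as links to another switch."""
    return [(sw, port) for sw, port, count in locate(mac, mac_tables) if count == 1]
```

A small unmanaged hub or switch plugged into an access port also shows several MACs on that port, so a port with a handful of addresses still needs a walk to the wall jack.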
 

RedSC

I got into the router and got the MAC, but I'm having trouble getting into the switches.

I don't have HP's management app, but I'll look on the old IT Supervisor's machine and see if he had it.
 

Genx87

oh hehe.

Try to telnet into the switches; they are managed, right? If that doesn't work, it should have a serial connection you can connect to.

 

RedSC

I had only tried telnetting into the first switch, and got nothing. I just tried the second, and got in. I'm looking around now.
 

jamesbond007

http://freshmeat.net/projects/ip-sentinel/

He'll never ever get his @$$ on the network if you pull this on him. It's great for having fun at LANs and causing a lot of ruckus.

A friend of mine accidentally sent the signal to an entire lab of computers and everyone was complaining instantly. He logged off and left the room after closing the program. :p
 

Tazanator

gee just get the MAC address and drop everything to that mac/IP ... that will stop him at router for internal ... find the port he plugged into and use a BOFH ethernet killer (plug that ethernet into the power feed lines) no more problems...