dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
11
share rss forum feed

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
reply to StuartMW

Re: tracing a mac address

In case you didn't know, Windows has an ARP command. This only seems to query the local ARP cache, so may be of limited use.

To resolve a MAC address to an IP address, arp -a | findstr nn-nn-nn-nn-nn-nn


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
192.168.1.104

now what?


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3
reply to dave
said by dave:

In case you didn't know, Windows has an ARP command.

Yes I know.

This only seems to query the local ARP cache, so may be of limited use.

I'm aware of that too. Not knowing whether the OP let his router assign IP's (most common) or has a service on a PC doing it I wrote
quote:
...you can use an arp utility either on a PC or on your router if it supports it's use.
My router has a very good command line processor and since I have it configured as a DHCP server I'd use it's ARP command (and have).
--
Don't feed trolls--it only makes them grow!


horacebork
Premium
join:2011-03-17
09001
Reviews:
·Time Warner Cable
·voip.ms
stuartmw:

I'm aware of that too. Not knowing whether the OP let his router assign IP's (most common) or has a service on a PC doing it I wrote

quote:
...you can use an arp utility either on a PC or on your router if it supports it's use.

i like to use static ips, so i assign them. my router is an airport extreme base station.
i'm almost positive there's no command line access.
might there be a way that some mix of disabling dhcp and other configs could help secure the router?

re: arp - i'm running os x, i have arp on the command line.
how can i utilize this to help secure my network?
and would some machine on the network always have to be on?
--
".. the sofa has just vanished." ".. well, that's one mystery less."

SpHeRe31459
Premium
join:2002-10-09
Sacramento, CA
kudos:2
So wait you statically assign IPs, yet you left DHCP on? From a quick Google search I see that good ol' Apple doesn't think you'd ever want to disable DHCP. Here's a workaround: »macnugget.org/projects/aebx/

Since your router has no command line access you can't check the ARP command there so you're basically at the end of the road here.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3
reply to horacebork
said by horacebork:

i like to use static ips, so i assign them.

Actually I have some static IP's and some pseudo-static IP's (IP's assigned through DHCP but "static" based on their MAC address).

That mean's I don't have a have a local DNS server (I use Windows HOST files to name my stuff).
--
Don't feed trolls--it only makes them grow!


horacebork
Premium
join:2011-03-17
09001
Reviews:
·Time Warner Cable
·voip.ms
reply to SpHeRe31459

So wait you statically assign IPs, yet you left DHCP on?

right. there are still a couple of devices that i cannot assign static ip on the device itself.
the apple tv is one of them. i could reserve a static ip for it's mac address, i suppose ..

is there a way by disabling dhcp that i can prevent an outside machine from gaining a compatible ip address on my lan?

--
".. the sofa has just vanished." ".. well, that's one mystery less."

SpHeRe31459
Premium
join:2002-10-09
Sacramento, CA
kudos:2
said by horacebork:

So wait you statically assign IPs, yet you left DHCP on?

right. there are still a couple of devices that i cannot assign static ip on the device itself.
the apple tv is one of them. i could reserve a static ip for it's mac address, i suppose ..

is there a way by disabling dhcp that i can prevent an outside machine from gaining a compatible ip address on my lan?

Seems to me like you pretty much already hit on what you can do. Reserve the MAC address of those devices that can't be set statically (manually). Then set the DHCP pool to exactly the number of devices that must use DHCP.

I don't know of any TCP/IP enabled device that cannot be manually assigned. I'm pretty sure to be a TCP/IP enabled device the specifications mandate that it must expose a method for manual assignment.

For example: with a simple Google search of "apple tv static ip address" I immediately found instructions for setting a static IP address for Apple TV...

Menu >> Settings
General
Network
Configure TCP/IP
Choose Manually
Enter your desired IP


EGeezer
zichrona livracha
Premium
join:2002-08-04
Midwest
kudos:8
Reviews:
·Callcentric
said by SpHeRe31459:

Reserve the MAC address of those devices that can't be set statically (manually). Then set the DHCP pool to exactly the number of devices that must use DHCP.

That'll work nicely unless someone tries to spoof one of the MAC addresses. Then, as they say, results may be unpredictable.
--
Buckle Up. It makes it harder for the aliens to suck you out of your car.

SpHeRe31459
Premium
join:2002-10-09
Sacramento, CA
kudos:2
Right, it's sort of the best that can be done in that situation. I would think that it's pretty slim chances that someone is going to try that hard to mess with some random person's wireless network that was probably just seen while wardriving around or something.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3

1 edit
reply to EGeezer
said by SpHeRe31459:

Reserve the MAC address of those devices that can't be set statically (manually). Then set the DHCP pool to exactly the number of devices that must use DHCP.

I've been doing exactly this for years. I also have some static IP's (set in the device) that are outside the pool. If someone manages to spoof any one of my IP's then I have more serious issues
--
Don't feed trolls--it only makes them grow!


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
reply to horacebork
said by horacebork:

is there a way by disabling dhcp that i can prevent an outside machine from gaining a compatible ip address on my lan?

that will not enhance your security. As long as the device is on an unused ip address on the subnet, it can communicate with other devices on the lan. DHCP makes it easier, but not impossible by a long shot.
--
* seek help if having trouble coping
--Standard disclaimers apply.--


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3
said by AVD:

that will not enhance your security.

Agreed. The best you can do (and what I have) is to use firewall rules, in your router, to try and restrict IP's (and log their activity) you know shouldn't be present. It's not foolproof however.
--
Don't feed trolls--it only makes them grow!