Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

NIOS DNS DHCP IPAM

Reply

DHCP Fingerprinting "No Match/Unknown"

Authority
Posts: 30
2771     0

Hi,

 

I've recently noticed a large portion of the fingerprint data falls into the "No Match/Unknown" category.

 

Lot of these devices are Dell PCs, Dell Wyse Technology Thin clients and Xerox printers.

 

However there are devices of these same type that are being matched.

 

NIOS version 8.3.1

 

Has anyone faced this same issue and have resolved it?

 

Regards,

Goku

Re: DHCP Fingerprinting "No Match/Unknown"

Moderator
Moderator
Posts: 36
2771     0

Hello there,

 

Infoblox uses the set of DHCP Options available in the DHCP REQUEST message, like option 55 and option 60 to decide or match the Fingerprinting. The information provided in these options are used to form the Fingerprint that identifies the requesting client.

 

Do the Client that falls into "No Match/Unknown" category provide the same set of options as the ones that are being correctly matched?

 

To the best of my knowledge, there must be some descrepency in the Request from the Client that could cause Infoblox to not associate the Client with any existing Filters.

 

Comparing the Options by taking a Traffic Capture for devices of the same type which work and does not work would be a right start in understanding this further.

 

You can also reach out to Support for further assistance if required.

 

Regards.

Showing results for 
Search instead for 
Did you mean: 

Recommended for You