Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

NIOS DNS DHCP IPAM

Reply

Microsoft Windows Fingerprints

New Member
Posts: 1
3246     0

Hi everyone,

 

Wonder if anyone can help, I am trying to use a Fingerprint filter to block all Windows 7 machines from obtaining a DHCP lease. The windows 7 fingerprint preconfigured in Infoblox only seems to identify clients running IPv6.

 

Has anyone used this method to block Windows 7 clients? If so would it be possible to share the relevant fingerprints used?

 

I run a filter on my DHCP leases, I know there are some Windows 7 machines running yet there are none identified.

 

Also is this method recommend?

 

Cheers

Paulo

Re: Microsoft Windows Fingerprints

[ Edited ]
Techie
Posts: 9
3247     0

Hi Paulo, 

 

You can find the DHCP Fingerprint for Windows 7 from Data Management - DHCP - Fingerpints - search 'Microsoft' (for IPv4 : Microsoft Windows 7 or Server 2008 R2 or Server SBS 2011 (Version 6.1) and IPv6: Microsoft Windows 7/Server 2008 ) . To create a filter with, Data Management - DHCP - IPv4 Filters - Add - IPv4 Figerprint Filter, choose the fingerprint desired. Once created, you can apply this to a range by going to, Data Management - DHCP - Networks - go inside the network in question, click on range - IPv4 filters - under Class Filter List - Add the Fingerprint filter you created for Windows 7 - Deny lease - save the settings - restart the services. 

 

For more information, you may please refer to the below documentations as well 

 

https://docs.infoblox.com/display/NAG8/About+DHCP+Fingerprint+Filters

https://docs.infoblox.com/display/N83EA2/Configuring+IPv4+DHCP+Filters

 

Note: It is highly recommended to first implement the changes in a lab environment, test with both Windows 7 / non-windows 7 machines to reqeust for lease before making it in production in order to avoid any undesired impacts. 

 

Regards,

Vineeth Krishnan

Re: Microsoft Windows Fingerprints

New Member
Posts: 1
3247     0

Unfortunately, we're finding this combination of Windows 7 fingerprints also selects some Windows 10 clients; thoughts?

Re: Microsoft Windows Fingerprints

New Member
Posts: 1
3247     0

This still appears broken and infact is worse after the recent Microwofy Security patch. Also the Windows7/Server2008 Fingerprint see,ms to have moved to IPv6 only. Is there one of the Microsoft Kernel fingerprints we could use to identify (and then block) Windows 7 clients?

Showing results for 
Search instead for 
Did you mean: 

Recommended for You