Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.

NIOS DNS DHCP IPAM

Reply

Microsoft Windows Fingerprints
PauloLeal
New Member
Posts: 1

‎01-21-2020 08:25 AM

1129     1

Hi everyone,

 

Wonder if anyone can help, I am trying to use a Fingerprint filter to block all Windows 7 machines from obtaining a DHCP lease. The windows 7 fingerprint preconfigured in Infoblox only seems to identify clients running IPv6.

 

Has anyone used this method to block Windows 7 clients? If so would it be possible to share the relevant fingerprints used?

 

I run a filter on my DHCP leases, I know there are some Windows 7 machines running yet there are none identified.

 

Also is this method recommend?

 

Cheers

Paulo

Labels:
Reply
0 Kudos

Re: Microsoft Windows Fingerprints

[ Edited ]
VKrishnan
Techie
Posts: 9

‎01-22-2020 11:54 AM - edited ‎01-22-2020 11:56 AM

1129     1

Hi Paulo, 

 

You can find the DHCP Fingerprint for Windows 7 from Data Management - DHCP - Fingerpints - search 'Microsoft' (for IPv4 : Microsoft Windows 7 or Server 2008 R2 or Server SBS 2011 (Version 6.1) and IPv6: Microsoft Windows 7/Server 2008 ) . To create a filter with, Data Management - DHCP - IPv4 Filters - Add - IPv4 Figerprint Filter, choose the fingerprint desired. Once created, you can apply this to a range by going to, Data Management - DHCP - Networks - go inside the network in question, click on range - IPv4 filters - under Class Filter List - Add the Fingerprint filter you created for Windows 7 - Deny lease - save the settings - restart the services. 

 

For more information, you may please refer to the below documentations as well 

 

https://docs.infoblox.com/display/NAG8/About+DHCP+Fingerprint+Filters

https://docs.infoblox.com/display/N83EA2/Configuring+IPv4+DHCP+Filters

 

Note: It is highly recommended to first implement the changes in a lab environment, test with both Windows 7 / non-windows 7 machines to reqeust for lease before making it in production in order to avoid any undesired impacts. 

 

Regards,

Vineeth Krishnan

Reply

Re: Microsoft Windows Fingerprints
timc
New Member
Posts: 1

‎02-20-2020 01:44 PM

1129     1

Unfortunately, we're finding this combination of Windows 7 fingerprints also selects some Windows 10 clients; thoughts?

Reply

Re: Microsoft Windows Fingerprints
robnagy
New Member
Posts: 1

‎04-07-2023 04:08 PM

1129     1

This still appears broken and infact is worse after the recent Microwofy Security patch. Also the Windows7/Server2008 Fingerprint see,ms to have moved to IPv6 only. Is there one of the Microsoft Kernel fingerprints we could use to identify (and then block) Windows 7 clients?

Reply
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Recommended for You

Latest Annoucements

Infoblox Experts Community

You have reached the maximum number of topics allowed as a visitor. Please Login or Join the community to continue to read.

Join for free

TOPICS REMAINING

Register for unlimited browsing. Registration is FREE.

Join Community