Netgate Discussion Forum

    Block iPhones

    Firewalling
    9 Posts 3 Posters 3.2k Views
    • Gob

      Hi

      It seems that everyone in one of our offices is hooking up their iPhones to the internal WiFi.
      Is there an easy rule to block these connections as you could with the OS fingerprint on desktop computers?

      Cheers
      Gordon

      If I fix one more thing than I break in a day, it's a good day!

      • blak111

        No, the MAC OS fingerprint doesn't seem to pick them up.
        Why can't you put a wireless key on the access point?

        • jahonix

          From the MAC addresses in your DHCP log you can pick the Apple hosts by their vendor ID.
          My iPhone 3G's MAC starts with: 00:23:df
          and my 3GS MAC begins with: 00:26:08

          Assign them fixed IPs every time they query DHCP and block those IPs with a rule.
          Changing the MAC in an iPhone isn't as trivial as with other devices.

          Having said this, it is only a workaround.
          Either you have an open WLAN and don't care who does what or you restrict access.

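The DHCP-based approach from the post above, as an added example that is not part of the original thread: it scans lease data for the two MAC prefixes quoted there and returns the IP/MAC pairs to pin with static mappings and reference in a block rule. The ISC `dhcpd.leases` syntax and the sample leases are assumptions (constructed data); MACs with the locally administered bit set carry no vendor ID, so they are classified separately instead of being matched by prefix.

```python
import re

# MAC prefixes quoted in the post above (iPhone 3G and 3GS); extend as needed.
APPLE_OUIS = {"00:23:df", "00:26:08"}

# Constructed sample in ISC dhcpd.leases syntax (assumed lease-file format).
SAMPLE_LEASES = '''
lease 192.168.10.21 {
  hardware ethernet 00:23:DF:12:34:56;
  client-hostname "Annas-iPhone";
}
lease 192.168.10.22 {
  hardware ethernet 00:26:08:ab:cd:ef;
}
lease 192.168.10.30 {
  hardware ethernet 00:1c:c0:11:22:33;
  client-hostname "desk-pc";
}
lease 192.168.10.41 {
  hardware ethernet 5a:11:22:33:44:55;
}
'''

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]{17});")
HOST_RE = re.compile(r'client-hostname\s+"([^"]*)";')

def classify(mac):
    """Return 'listed-oui', 'local-admin' or 'other' for a MAC address."""
    mac = mac.lower()
    if mac[:8] in APPLE_OUIS:
        return "listed-oui"
    # Bit 0x02 of the first octet marks a locally administered address,
    # which has no vendor ID, so prefix matching cannot identify the device.
    if int(mac[:2], 16) & 0x02:
        return "local-admin"
    return "other"

def scan_leases(text):
    """Yield (ip, mac, hostname, kind) for each lease block that has a MAC."""
    for ip, body in LEASE_RE.findall(text):
        m, h = MAC_RE.search(body), HOST_RE.search(body)
        if m:
            mac = m.group(1).lower()
            yield ip, mac, h.group(1) if h else "", classify(mac)

def static_map_candidates(text):
    """IP/MAC pairs whose prefix is listed: pin these, then block the IPs."""
    return [(ip, mac) for ip, mac, _, kind in scan_leases(text) if kind == "listed-oui"]
```
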
          • jahonix

            Uh, just checked this out.

            Create a block rule on the interface where your iPhones come in. Hit the 'Advanced' button at 'Source port range' and select MacOS as source type OS.
            Maybe this works for iPhoneOS as well.
            Remember that the order of the rules is important.

            Please report back what you find!

            • Gob

              Thanks for the replies.

              Unfortunately, we also have some legit MACs OSX on that interface.
              I will strip the wireless out onto its own interface and see what I can break after that.

              Cheers
              Gordon

              If I fix one more thing than I break in a day, it's a good day!

              • blak111

                @jahonix:

                Uh, just checked this out.

                Create a block rule on the interface where your iPhones come in. Hit the 'Advanced' button at 'Source port range' and select MacOS as source type OS.
                Maybe this works for iPhoneOS as well.
                Remember that the order of the rules is important.

                Please report back what you find!

                That's what I was talking about above. I tested that and it didn't pick up the iPhone.

                • jahonix

                  Well, then I'd say it doesn't work for iPhone OS, just for Mac OS.

                  At least you could create an 'allow Mac OS rule' then…

                  • Gob

                    now there's lateral thinking!

                    cheers Chris

                    If I fix one more thing than I break in a day, it's a good day!

                    • jahonix

                      @Gob:

                      now there's lateral thinking!

                      Sure. It would get boring otherwise, wouldn't it?  ;-)

                      1. allow MAC OS
                      2. allow Windows
                      3. deny the rest

                      How about that? Rules out iPhones as we just learned.

                      But I'm sure you come up with some VAXes or other uncommon gear and it doesn't work this way. Anyone surfing with a PSP?   ;-)))

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.