Detecting Rogue Clients

Similar Messages

• Mapping a rogue CLIENT in WCS with 4404

  Hi.
  Im running a 4404 (4.1.171.0) and WCS. I imported all the maps, placed the AP's etc.
  Looks great! I can find rogue AP's no problem and place them on the map with the skull and crossbones.
  However I cant figure out how to do rogue CLIENT mapping. Im almost positive It can be done but cant find it anywhere in the docs or forums.
  Any help appreciated.
  Bob

  Change the Search In to 'WCS Controllers'' under the Monitor->Security->Rogue Clients and search for rogue clients on the controller directly and then click on it and now you will see that Detecting APs are shown as well as the location if this rogue client was detected by location server.

• Operating System detection of client

  hi ,
  I stuck with one problem?
  I want to detect user/client Operating System?
  can anybody tell me how to do it?
  thanks

  Stop doubleposting. Stick to one topic: [http://forums.sun.com/thread.jspa?threadID=5350423].

• MSE not detecting associated clients

  Hi,
  i have one MSE 7.0, one WLC 7.6.120 and CPI 2.1. the AP's are 1602i and 3702i
  I had a map in CPI, showing my AP's, but i can't see associated clients, if i modify the client filter to all clients, they appear in the map, but for some reason when i modify back the filter to associated clients the followinf message appears:
  there are no clients on this floor. Either you don have any MSE which locates clients or none of your MSE detected any clients on this floor.
  NMSP status is active.
  WLC and MSE are synchronyze.
  anybody knows whats the problem?
  thank you!

  Hi, thanks for your reply.
  I checked your link, but in my opinion must be other problem, because sometimes i can see associated clients in CPI map, but most part of the time only shows clients when i modify the client filter to all.
  NMSP protocol is up and active between MSE and WLC, service are synchronyzed.
  NTP is configured in CPI, WLC and MSE, and time is the same.
  In the top of the map there is a message:
  Data may be delayed up to 15 minutes or more depending on background polling interval 
  I waited for more than 30 minutos and the associated client still not showed on the map. furthermore, in my opnion, 15 minutes is a long time to locate a client, if i have to wait 15 minutes to locate every client in my network, there is no way to make location works!
  Regards!

• Detect RMI client problem. Gotta be anothe way...

  For a while, I've been searching how to detect RMI client unexpected disconnection but there is no real answer for that. There is NO other way to let server know that client is disconnected beside using call back or using periodically checking client?? Something like unreferenced() to tell specific client is not holding the reference or something like that..

  In our system, almost every Remote interface has a void ping() method, and we periodically call this, and if there is an Exception thrown we do whatever we need to, to clean up.
  Often we create a local (static) proxy class to the Remote object that knows how to do the clean up, and has same methods but doesn't throw exceptions. it does NOT implement the Remote interface so there is no need to catch exceptions at every point it is called. This proxy can control the periodic pinging.
  I guess you could extend remote and add a ping method to it (call this PingableRemote), then extend this new interface instead of Remote directly.
  Also create a class that takes a PingableRemote and some callback object in it's constructor, which could then take care of the pinging and "remoteLost" notification in a form that can be re-used.
  Bruce

• Sockets: How can server detect that client is no longer connected?

  Hi,
  I really need help and advice with the following problem:
  I have a Client - Server socket program.
  The server listens on port 30000 using a server socket on one machine
  The client connects to localhost on port 20000, previously creating an ssh port forward connection using the Jsch package from www.jcraft.com with
  "session.setPortForwardingL(20000, addr, 30000);"
  Then the client sends Strings to the server using a PrintWriter.
  Both are connected to each other through the internet and the server uses a dynamic dns service.
  This all works well until the IP address of the Server changes, The client successfully reconnects to the server using the dynamic dns domain name, but the server keeps listening on the old socket from the previous connection, while opening a new one for the new client connection. The server doesn't seem to notice that Client has disconnected because of this IP address change.
  looks like the server is stuck inside the while loop. If i cut the connection manually on the client side, the server seems to notice that the client has disconnected, and jumps out of the while look (see code below)
  this is the code I'm using for the server:
  import java.io.BufferedReader;
  import java.io.IOException;
  import java.io.InputStreamReader;
  import java.net.Socket;
  import java.util.logging.Logger ;
  public class SocketHandler extends Thread {
      static Logger logger = Logger.getLogger("Server.SocketHandler");
      private Socket clientSocket = null;
      private BufferedReader in = null;
      private InputStreamReader inReader = null;
      public SocketHandler(Socket clientSocket) throws IOException {
          this.clientSocket = clientSocket;
          inReader = new InputStreamReader(clientSocket.getInputStream ());
          in = new BufferedReader(inReader);
      public void run() {
          try {
              String clientMessage = null;
              while ((clientMessage = in.readLine()) != null) {
                  logger.info("client says: " + clientMessage);
          } catch (IOException e) {
              logger.severe(e.getMessage());
              e.printStackTrace();
          } finally {
              try {
                  logger.info("closing client Socket: " + clientSocket);
                  clientSocket.close();
                  in.close();
                  ServerRunner.list.remove(clientSocket);
                  logger.info("currently "+ServerRunner.list.size()+" clients connected");
              } catch (IOException e) {
                  logger.severe (e.getMessage());
                  e.printStackTrace();
  }I've tried making the server create some artificial traffing by writing some byte every few seconds into the clients OutputStream. However I get no exceptions when the IP address changes. The server doesn't detect a disconnected socket connection.
  I'd really appreciate help and advice

  If a TCP/IP peer is shut down "uncleanly", the other end of the connection doesn't get the final end of connection packet, and read() will wait forever. close() sends the final packet, as will killing the peer process (the OS does the close()). But if the OS crashes or for some other reason can't send the final packet, the server never gets notification that the peer has gone away.
  Like you say, one way is timeout, if the protocol is such that there always is something coming in at regular intervals.
  The other way is a heartbeat. Write something to the other end periodically, just some kind of "hello, I'm here, ignore this message". The other end doesn't even have to answer. If the peer has gone away, TCP will retransmit your heartbeat message a few times. After about a minute it will give up, and mark the socket as broken. read() will then throw an IOException. You could send heartbeats from the client too, so that the client detects if the server computer dies.
  TCP/IP also has a TCP-level heartbeat; see Socket.setKeepAlive(). The heartbeat interval is about two hours, so it takes it a while to detect broken connections.

• Detect SAP client

  Dear sirs,
  I hope you can help me with this: I have few reports with output into MS Word using ABAP OLE. That works just fine with SAP GUI. The problem is the number of my users work with the web GUI. When using web GUI I cannot work with OLE (at least I think so, how could SAP establish a connection with word through the browser, right?).
  I need to hide the "print it into Word" icons so the users don´t get the error every time they try in web GUI. Does anybody know how can I detect which SAP client/ frontend the users are working with?
  Thank you all, reagrds, Otto

  Hi Otto,
  We can use the function module
  GUI_IS_ITS                    
  If we are using GUI, it will return nothing, else if we are using browser/ITS then it will return X.
  Hope this helps.
  Regards,
  Amit Mittal.

• Detecting Rogue Devices- Especially Linksys Routers

  All,
  I am having a bit of an issue here. My CIO is claiming he has an entire illegal network in his office and he claims he did it under our noses. I know my layer 2 port security wasn't going to catch his little linksys router. So what I noticed about the Linksys is that it has a LAN and WAN side. The WAN side as we all know interfaces with the local LAN and the LAN side is where all your devices are connected with a 192.168.x.x address. Then the Linksys router just NATs all of the IP's from the inside to the outside no one is the wiser. So with this going on someone can connect one of these to my network and connect as many devices as they want and I can't see anything other than that one external IP the Linksys router picked up from my DHCP server. My question: IS THERE ANYWAY TO DETECT AND PROTECT MY NETWORK FROM ROGUE ROUTING DEVICES?

  Enable STP BPDUGuard, DHCP Snooping and port security.

• Detecting mail client

  Hi,
  Is there a way in Flex (or AIR) to detect whether there is a mail client prior to utilizing "mailto" via navigateToUrl()?
  Thanks,
  Lance

  Hi SourceWong,
  What do you mean by saying the User-agent here?
  For the mail account in Windows Mail App, you could manage it through
  Settings(you need to open mail app and mouse the mouse to the right side)->Accounts, then select the account that you want to change settings.
  More information regarding Mail App in Windows 8.1, please check:
  Mail app for Windows
  More on Technet Blog, see:
  Supporting Windows Mail 8.1 in your organization
  Besides, for the Mail Account (if some 3rd-party mail service) that you want to change the settings, you may consider to ask at their official website and see if any helpful suggestions would be offered.
  Best regards
  Michael Shao
  TechNet Community Support

• OPA is not detecting subversion client.

  Hi All,
  The OPA help says that if the command line client version is installed then OPA automatically detects the subversion. However, the OPA on my machine is not detecting it and hence it is not available in File | Source Control menu options.
  Both OPA and Subversion client are installed on same drive and on same Folder i.e. Program files.
  I there any other prerequisite?
  Kindly help me resolve this.

  Duplicate of thread OPA and Subversion

• Can OnPlus detect rogue DHCP servers?

  On one of my customer's networks I seem to be getting a lot of duplicate IP addresses being detected.  Assuming these messages are valid, I suspect there are additional DHCP server(s) on the network somewhere.  It's a physically large building owned by a church with one flat (layer 2) network (wired and wireless) including different types of users (students, retired nuns, office workers, clergy).  There are lots of opportunities for someone to connect nearly anything to the network.
  I would like to be able to detect these possible rogue DHCP servers.  Can the OnPlus that I have installed there help me?  It has been nearly impossible to find the devices with dupes based on MAC address so far.
  Thanks.

  Hi Chris,
  ON100 supports rogue DHCP server detection by default (search OnPlus documentation for ROGUE DHCP events). The default behavior is that the ON100 learns the available DHCP servers on the network whenever the ON100 (re)boots, and if ever it sees broadcast DHCP server replies from a different source IP than the ones that were available, it will trigger this type of event. Unfortunately, if the rogue DHCP server is already present when the ON100 is booted on the network, the ON100 will consider it as pre-existing and therefore won't consider it as an invalid DHCP server.
  You can override this simplistic behavior by adding an explicit DHCP monitor to one or more hosts on the network, this gives the ON100 a definitive list of authorized DHCP servers, and then only if a truly rogue DHCP server appears should you see these events.
  The Duplicate IP monitor is a separate monitor altogether than the DHCP monitor (which additionally provides the rogue DHCP server detection) and doesn't necessarily indicate a rogue DHCP server on the network. I understand that misconfigured windows servers with ICS enabled are a common source of rogue DHCP servers on networks.
  -mike

• Detecting C++ clients crashing

  Hello��
  Is there any way (exception, event, system agent, name service,....) to detect, from the server side, when a VC++ client application has crashed?
  NOTE: the binary "nodemgr" is not runnning on the client side, so we cannot see the active client partition in the environment.

  Yes, I do speak spanish. You can email me at [email protected] or contact me by MSN.
  Anyways, I think there is a missunderstanding here. UDS does not generate DLL files (assuming you are working on a Windows platform).
  I may be able to help you out.
  Cheers!

• How to detect ipaddress client when computer client is turn on

  I have problem :
  ** how to detect ipaddress from client when the computer client is turn on???
  i have assumption : server ipaddress 192.168.2.21
  client_1 ipaddress 192.168.2.26
  client_2 ipaddress 192.168.2.27
  anyone want to help me,please give me the sample program.
  thanks before.

  your client will have to
  1) start up when the machine does
  2) make a TCP/IP connection to the server as it starts up
  when the server gets a connection from the client, you can query the relevant Socket object for the source IP address
  a simple 'google' for java socket tutorials, or a search of the Sun site will show you more quickly and definitively than anyone on a forum

• How to detect ipaddress client when client computer is turn on

  I have problem :
  ** how to detect ipaddress from client when the computer client is turn on???
  i have assumption : server ipaddress 192.168.2.21
  client_1 ipaddress 192.168.2.26
  client_2 ipaddress 192.168.2.27
  anyone want to help me,please give me the sample program.
  thanks before.

  cross post
  http://forum.java.sun.com/thread.jspa?threadID=786950&messageID=4471598#4471598

• Always On: Detect from client which replica is active

  Since the client simply connects to the listener and gets an IP, is there a way through either the client object model or a query which I can use from the client to determine which replica is on the other end of the connection? 
  Thanks,
  Philo
  Philo Janus, MCP Bridging business & Technology: http://www.saintchad.org/ Telecommuter? http://www.homeofficesurvival.com/ Author: Pro InfoPath 2007 & Pro InfoPath 2010 Pro PerformancePoint 2007 Pro SQL Server Analysis Services 2008 Building Integrated
  Business Intelligence Solutions

  Hello,
  If you just want to know which replica you are on, you can check @@ServerName, if the replica can be hosted on a FCI then you'll want to check the node's physical name through SERVERPROPERTY('ComputerNamePhysicalNetBIOS').
  Is this what you're after?
  -Sean
  The views, opinions, and posts do not reflect those of my company and are solely my own. No warranty, service, or results are expressed or implied.