topic DHCP - Getting info on allocated IPs in General Topics

DHCP - Getting info on allocated IPs

smithp — Mon, 04 Feb 2013 18:46:51 GMT

We have our PA-500 setup on our company's public network. This network is used by employee's personal machines and clients machines when they come into our office.

We have run into a few situations that we can see someone is most likely infected as the machine has been profiled by the PA-500 as transmitting threat traffic. The problem is we only have an IP address of the machine that is doing the talking.

Wondering if there is a way to get things like hostname, OS and version or any other easily identifiable information to find the infected machine.

Thanks

Re: DHCP - Getting info on allocated IPs

sdurga — Mon, 04 Feb 2013 19:39:10 GMT

SInce you are handing out IP addresses via DHCP, you will have the Mac address of the machine that is having this IP address. Apart from the MAC address PA-500 does not have any information like OS or any other information. If you have global protect in your network then PA-500 will have the information like hostname,OS, wether the machine has any antivirus software and so much other information. At DHCP level I can only think of MAC address. You can always allocate same IP to that machine based on MAC address and you can block this IP traffic.