Blocking OS specific traffic?

cancel
Showing results for 
Search instead for 
Did you mean: 

Blocking OS specific traffic?

L2 Linker

Does anyone know if there is a way to block traffic sourced from a specific OS in our network?

We were discussing legacy Windows XP machines. Since they are no longer supported or being updated it would be nice to be able to block them from the internet but allow internal connections to them. (We have a couple of legacy programs we need to keep for customers that either dont exist any more or were never updated to run on anything but windows XP)

We were thinking that we could just block them at the firewall but the firewall doesn't recognize OS that I know of.

We could certainly give them static IPs and block them based on that but it would be nice to be able to block traffic to any Windows XP machine on our network just by virtue of its OS.

Any thoughts?

Thanks,

Ben

1 ACCEPTED SOLUTION

Accepted Solutions

L7 Applicator

For web applications there is a user posted solution for detecting the Windows XP agent and blocking access.

Custom vulnerability signature for identifying Windows XP clients

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

View solution in original post

4 REPLIES 4

L7 Applicator

For web applications there is a user posted solution for detecting the Windows XP agent and blocking access.

Custom vulnerability signature for identifying Windows XP clients

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

View solution in original post

Thanks Steven, that is perfect!

if a user changes the user agent which isnt' rocket science then this won't work. this will also only work for web traffic. Look into global protect HIPS or Forescout which is a technology partner with Palo Alto Networks or a NAC solution if you want them off the network.

L4 Transporter

bgranholm schrieb:

We were thinking that we could just block them at the firewall but the firewall doesn't recognize OS that I know of.

GlobalProtect knows the OS 🙂 So does the Firewall

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!