Deploying SCCM - Do your research first...

Started by icecream-guy, February 09, 2016, 12:00:46 PM


icecream-guy

We got hit with this today with a push to MS clients for SCCM.

With port-security on in the environment, basically with wake up proxy a host (A) can pretend to be another host (B) and spoof the MAC address of the host (A), setting off a port security violation (affecting hundreds of clients, in our case).

If wake up proxy is configured in policy, consider disabling it; it's disabled by default.
If wake up proxy is not enabled in policy, if Wake On LAN in BIOS is enabled it will cause the same issue; consider disabling WoL in BIOS.

Here's a decent write-up:

https://supportforums.cisco.com/discussion/11835361/mac-address-flapping-and-sccm-wake-proxy

:professorcat:

My Moral Fibers have been cut.
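A triage sketch for the situation described in the post above, added here as an example and not part of the original thread: it reads Cisco IOS style port-security and MAC-flap syslog messages and groups violations by the access port where another client's MAC showed up. The log lines, the `BASELINE` MAC-to-port inventory and the function names are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample switch syslog lines (not taken from the thread).
SAMPLE_LOG = """\
Feb  9 10:01:12 sw1 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port GigabitEthernet1/0/7.
Feb  9 10:01:14 sw1 %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 10 is flapping between port Gi1/0/3 and port Gi1/0/7
Feb  9 10:02:40 sw1 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 00aa.bbcc.ddee on port GigabitEthernet1/0/7.
Feb  9 10:05:03 sw1 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0de0.0000.0001 on port GigabitEthernet1/0/9.
"""
# Assumed baseline: each client MAC and the access port it normally lives on.
BASELINE = {"0011.2233.4455": "Gi1/0/3", "00aa.bbcc.ddee": "Gi1/0/5"}

MAC = r"([0-9a-fA-F]{4}(?:\.[0-9a-fA-F]{4}){2})"
VIOLATION = re.compile(r"PSECURE_VIOLATION:.*?MAC address " + MAC + r" on port (\S+)")
FLAP = re.compile(r"MACFLAP_NOTIF: Host " + MAC + r" in vlan \d+ is flapping "
                  r"between port (\S+) and port (\S+)")

def short_port(name):
    """Normalise long interface names so both message types compare equal."""
    name = name.rstrip(".")
    for long, short in (("TenGigabitEthernet", "Te"), ("GigabitEthernet", "Gi"),
                        ("FastEthernet", "Fa")):
        if name.startswith(long):
            return short + name[len(long):]
    return name

def triage(log, baseline):
    proxy_ports = defaultdict(set)   # port -> known MACs that belong elsewhere
    unknown = []                     # violations by MACs not in the baseline
    flaps = defaultdict(set)         # MAC -> ports it flapped between
    for line in log.splitlines():
        m = VIOLATION.search(line)
        if m:
            mac, port = m.group(1).lower(), short_port(m.group(2))
            home = baseline.get(mac)
            if home is None:
                unknown.append((mac, port))
            elif home != port:       # a peer's MAC sourced from this port
                proxy_ports[port].add(mac)
            continue
        m = FLAP.search(line)
        if m:
            flaps[m.group(1).lower()].update(short_port(p) for p in m.group(2, 3))
    return {"proxy_ports": {p: sorted(v) for p, v in proxy_ports.items()},
            "unknown": unknown,
            "flaps": {k: sorted(v) for k, v in flaps.items()}}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, BASELINE))
```

A port that collects several known clients' MACs is the pattern to check against the wake-up proxy setting; MACs absent from the baseline are reported separately because they need a different investigation.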

deanwebb

Wow, thanks for the post. It looks like we don't have it active, which makes me a happy NAC'er.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

icecream-guy

Quote from: deanwebb on February 09, 2016, 12:48:45 PM
Wow, thanks for the post. It looks like we don't have it active, which makes me a happy NAC'er.

True, it does F'up NAC, but we are not there yet.

Reggle

... who in the world thought of that? Why would you need proxy WoL? Is it really just to make other computers active so they can install software or am I misinterpreting this?

icecream-guy

Quote from: Reggle on February 10, 2016, 01:21:36 AM
... who in the world thought of that?

Looks like Apple, according to patent #US20060253720; a Google of the inventor's name, Stuart D. Cheshire, leads to Apple.

Quote from: Reggle on February 10, 2016, 01:21:36 AM
Is it really just to make other computers active so they can install software

Useful for printers when in sleep mode, that's the primary feature.
Waking up computers to install software looks like a later development.



Thanks to Google and Wikipedia for filling my brain with more useless info