0
Closed

Block rogue connections by MAC or IP address

Chris Hartwig 7 years ago updated by anonymous 6 years ago 2

We are seeing rogue workstations in the control panel after adding our executable to our screenconnect page. I have removed them but they keep coming back. I would highly suggest you at the very minimum update the software to be able to block these connections by their IP and MAC address. This would keep them from showing up in the control panel. Image if this were an enterprise customer and they pushed the installer out to 2000 endpoints. That would make a mess of my account.

Answer

Answer
Closed

Hello Chris,

The problem you're having can be solved by using a session group to capture these unauthorized machines. You can use the filter, NOT $OTHEROR to do this.


you can remove it from within the END menu. select "Uninstall and End" which "Combine both options by first uninstalling the client software and then removing the session from the list." I know that this isn't really a solution for rogue IP addresses, but it does attempt to uninstall the software first, so you get the chance of removing it's attempts to connect to your server. blocking at the IP level, while effective, consumes resources on every TCP connection, so should be avoided if possible.

Answer
Closed

Hello Chris,

The problem you're having can be solved by using a session group to capture these unauthorized machines. You can use the filter, NOT $OTHEROR to do this.