How to check if a device is centrally blocked from network connection

Devices may have some or all of their network traffic blocked centrally in response to symptoms of a security issue, misuse or behaviour that adversely impacts other network users

Expand All

Devices sending more than 360 ARP requests per minute will be identified by MAC address and COWLS FroDos will not respond to further ARP requests from this MAC address for 1 hour.

A record of devices detected as exceeding this threshold is available to registered ITSS in Teams > ITSS Community > Technical > Files > arp source-mac attacks detected.

Further information

Rationale and technical background for this scheme were shared on the itss-discuss maillist at its inception in November 2021.

Devices generating traffic that is alleged or suspected to arise from a security compromise or illegal use of the device may be blocked by MAC address on request of OxCERT.

There is currently no means for registered ITSS to check if a specific MAC address has been blocked in this way.

Other types of restriction may be implemented on centrally-managed networks. These include:

  • Blocking an individual's remote access account, affecting their use of eduroam and OWL WiFi, Oxford VPN, and some college/department network services
  • Blocking selected types of network traffic regardless of the device or user

Related links

Get support

If you cannot find the solution you need here then we have other ways to get IT support

Get IT support