hi all,

since there is a know security issue in hotspot feature :

suppose a letigimate user PCA with MAC A is already authenticated in hotspot server.

an attacker who know MAC of PCA, can fixe it on its PCB ( MAC spoofing), and get automatically IP of PCA, and then begin to browse without need authentication.

is there any countermesure solution on Mikrotik Os ?

thanks for your reply

On switched platforms use edge security (DHCP snooping, ARP snooping, 802.1x, port security on Cisco), on wireless platforms use the equivalents (WPA etc.) - the Hotspot servlet cannot possibly tell the difference as the client looks absolutely legitimate as it has the same MAC and IP address. You either prevent the customer from spoofing at all or must accept that the Hotspot cannot defend against spoofed connections.