how can i protect the customers and the router-os from "net cut" ...
thanks

what is "net-cut"??

net cut is a program make control on the Lan and cut off the internet .. , there are several programs do that like :
switch sniffer - big boss , ....

There is a Program called Anti netcut. I think you need to install it.

//ASHISH

Mr. ashish
thank u very much , i know that , but i want to protect my server and my customers from the " net cut"

Mr. ashish
thank u very much , i know that , but i want to protect my server and my customers from the " net cut"

From what I could find on the net, NetCut is a form of ARP poisoning. You can protect your network using a combination of Static ARP, Routing instead of bridging design, putting your client-facing network interface set to "Reply-Only" or "disabled" and using DHCP to create ARP entries.

I think you need a better operating system on the PC and proper firewall on the router

Like Linux

Mr andreacoppini
kindly
can you explane further more with details
madher

Mr andreacoppini
kindly
can you explane further more with details
madher

I'll try...

basically, don't use bridging as much as you can. with bridging comes ARP poisoning, ARP DOS attacks and all sorts of attacks which can be stopped simply by changing your network design. Route, route, route.

Then, on your access point which has clients connecting to it, change the ARP setting to "Reply Only" (not "Enabled"). This way, the access point will ignore ARP messages from clients, it will only send a reply to clients when it is asked for its own IP address.

But your access point needs to be able to communicate with your legitimate clients, so -on the access point- you need to set the DHCP server to "add arp for leases".

Finally, in order to stop your clients from poisoning (netCut'ing) each other, you need to disable 'Default Forwarding' on the wireless interface, and disable the 'Forwarding' option on any wireless clients you have listed in your wireless Access List.

If most/all of the above is not making sense to you, you need to get yourself on a MikroTik training class...

basically, don't use bridging as much as you can. with bridging comes ARP poisoning, ARP DOS attacks and all sorts of attacks which can be stopped simply by changing your network design. Route, route, route.

Hi ;
if the bridging doing problems why MikroTik not delete it from the OS ? , could you put further details about how to use the route process ?
it seems that you deeply recommend it .

Finally, in order to stop your clients from poisoning (netCut'ing) each other, you need to disable 'Default Forwarding' on the wireless interface, and disable the 'Forwarding' option on any wireless clients you have listed in your wireless Access List

sorry this will not stop netcut .
with best regards .

ahmedsaffar76:
Hi ;
if the bridging doing problems why MikroTik not delete it from the OS ?

Dude please be sure what are you asking for. Delete bridge from MT OS!! How funny.

ahmedsaffar76:
Hi ;
if the bridging doing problems why MikroTik not delete it from the OS ?

Dude please be sure what are you asking for. Delete bridge from MT OS!! How funny.

Hi ;
what do you mean ???
i replied to a person say that the arp poisoning increase with the bridging .
with best regards .

what do you mean ???
i replied to a person say that the arp poisoning increase with the bridging .
with best regards .

he means that it is a bit like saying "cars should be removed from the road because they can be used by bad people to kill pedestrians"

Bridging is a very useful (indispensable?) feature in a product like RouterOS, but just like marriage, sex and money, it has its drawbacks.

****

lol, sorry, i forgot that $EX is a big issue with techies

ahmedsaffar76 -

Well part of the problem right now is your bridge.

If you do the suggested items then there should be no interruption of service.

Q & A;

i think the DNS will make a problem , which DNS you are going to use ? for ISP1 or ISP2 ? You can use ANY dns server you want - as long as it works. You could use for speed - one DNS server from each provider.


will you make a static dns server and enable remote requests ? No static, but you can enable the remote requests. Later you'll set up a proxy DNS.


R/

this was a reply to me in another topic " Load balancing with conn mark cannot work "
you see , Galaxynet say " Well part of the problem right now is your bridge. "
most of the replies refer the problems to bridging , thus i said if all these problems come from the bridge why MikroTik not remove it ?
am i clear now ?
with best regards

Bridging is good only for small networks and novice users. Option is available because it is sometimes needed.

In general, when you make decisions, You should know what are drawbacks of that decisions.

That works for bridging too. It has drawbacks, many of them, and it has some advantages, few of them. So, if you want to use advantages of bridging, be prepared to deal with drawbacks.

MT just provides an option, it is up to you if You would use it.

Bridging is good only for small networks and novice users. Option is available because it is sometimes needed.

In general, when you make decisions, You should know what are drawbacks of that decisions.

That works for bridging too. It has drawbacks, many of them, and it has some advantages, few of them. So, if you want to use advantages of bridging, be prepared to deal with drawbacks.

MT just provides an option, it is up to you if You would use it.

Hi ;
this is acceptable and practical reply not like who compairing MT with cars or whatever .
so we all need others expirments with bridging to know all what are the benefits and the drawbacks .
when we all know that maybe each one could help the other to pass over this problem by using another method .
the forume here for this purpose .
with best regards .