ayasramadhan
just joined
Topic Author
Posts: 4
Joined: Sat Feb 11, 2017 4:10 am

Hotspot dhcp offering leases by MAC Address Generator

Sat Feb 11, 2017 6:58 am

The anonymous user has tried to connect to the hotspot system by using software which generates MAC addresses continuously. I don't know how to block it.
 system resource print 
                   uptime: 3h27m52s
                  version: 6.36 (stable)
               build-time: Jul/20/2016 14:09:10
              free-memory: 63.4MiB
             total-memory: 128.0MiB
                      cpu: MIPS 74Kc V4.12
                cpu-count: 1
            cpu-frequency: 600MHz
                 cpu-load: 6%
           free-hdd-space: 78.1MiB
          total-hdd-space: 128.0MiB
  write-sect-since-reboot: 13068
         write-sect-total: 15671688
               bad-blocks: 0%
        architecture-name: mipsbe
               board-name: RB951Ui-2HnD
                 platform: MikroTik
 
pe1chl
Forum Guru
Posts: 10544
Joined: Mon Jun 08, 2015 12:09 pm

Re: Hotspot dhcp offering leases by MAC Address Generator

Sat Feb 11, 2017 12:52 pm

Enable WPA2 with a pre-shared key (password).
 
ayasramadhan
just joined
Topic Author
Posts: 4
Joined: Sat Feb 11, 2017 4:10 am

Re: Hotspot dhcp offering leases by MAC Address Generator

Sun Feb 12, 2017 4:09 pm

Hi,

Thanks for your advice. It could be a solution and the network becomes more secure. The problem is the user should input the password to connect to the AP and they must log in to the hotspot system too. This will give bad feedback for most users.
 
pe1chl
Forum Guru
Posts: 10544
Joined: Mon Jun 08, 2015 12:09 pm

Re: Hotspot dhcp offering leases by MAC Address Generator

Sun Feb 12, 2017 4:54 pm

When you leave your front door unlocked all the time it will give a good experience for nice people who want to visit you.
Unfortunately it also gives an opportunity for bad guys who want to steal your belongings.
In a good neighborhood the open-door policy may work, but apparently in the network world you live in a bad neighborhood and you need to lock your door, or the bad people will sabotage your network.
The "bad feedback for most of the users" is the price you have to pay.
 
sup5
Member
Posts: 359
Joined: Sat Jul 10, 2010 12:37 am

Re: Hotspot dhcp offering leases by MAC Address Generator

Sun Feb 12, 2017 5:07 pm

There might be a solution:

1) Create an insanely big DHCP IP-Pool for your Hotspot Service like: 10.0.0.2 - 10.255.255.254
2) Reduce the lease-times to something like an hour or so.
3) Run the DHCP-Service on a Router with powerful CPU.
4) Apply Rate-Limiting to DHCP-Requests per AP or Client.
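
An added example, not part of the post above and not MikroTik code: it flags a burst of never-before-seen MAC addresses in lease events and estimates whether a pool outlasts the burst for a given lease time, which is why steps 1 and 2 work together. The event format, the function names, the alert threshold of 20 and the sample data are assumptions made for illustration.

```python
import ipaddress
from collections import deque

def pool_size(first, last):
    """Number of addresses in an inclusive DHCP pool range."""
    return int(ipaddress.ip_address(last)) - int(ipaddress.ip_address(first)) + 1

def peak_new_macs(events, window_s=60):
    """Largest count of never-before-seen MACs inside any window_s-second span.
    events: (unix_ts, mac) tuples sorted by time (assumed format)."""
    seen, window, peak = set(), deque(), 0
    for ts, mac in events:
        mac = mac.lower()
        if mac in seen:
            continue                      # renewal from a known client, not a new lease
        seen.add(mac)
        window.append(ts)
        while ts - window[0] >= window_s:
            window.popleft()              # drop first sightings older than the window
        peak = max(peak, len(window))
    return peak

def assess(events, pool, lease_time_s, window_s=60, alert_at=20):
    """Flag a MAC flood and estimate whether the pool outlasts it.
    Each bogus MAC holds an address until its lease expires, so occupancy
    levels off at (new MACs per second) * (lease time)."""
    peak = peak_new_macs(events, window_s)
    occupancy = peak / window_s * lease_time_s
    return {"peak_new_macs": peak,
            "flooding": peak >= alert_at,
            "steady_state_leases": int(occupancy),
            "pool_survives": occupancy < pool}

# Constructed sample: 5 normal clients (one renewing), then 300 generated MACs at 5 per second.
NORMAL = [(t, f"aa:bb:cc:00:00:{n:02x}") for n, t in enumerate(range(0, 500, 100))]
NORMAL.append((500, "AA:BB:CC:00:00:00"))
FLOOD = [(1000 + i // 5, f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}") for i in range(300)]
SAMPLE = NORMAL + FLOOD

if __name__ == "__main__":
    big = pool_size("10.0.0.2", "10.255.255.254")   # range from the post above
    print(assess(SAMPLE, big, 3600))                # huge pool, 1 h lease
    print(assess(SAMPLE, 253, 3600))                # small pool (assumed size), 1 h lease
    print(assess(SAMPLE, pool_size("10.0.0.2", "10.0.255.254"), 86400))  # 1 day lease
```

The estimate covers address exhaustion only; the router's CPU and the memory used by the lease table (steps 3 and 4) still limit how large a flood it can absorb.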
 
pe1chl
Forum Guru
Posts: 10544
Joined: Mon Jun 08, 2015 12:09 pm

Re: Hotspot dhcp offering leases by MAC Address Generator

Sun Feb 12, 2017 5:24 pm

That may work against this particular attack, but the bad neighbor will find another way to sabotage the network.
 
ayasramadhan
just joined
Topic Author
Posts: 4
Joined: Sat Feb 11, 2017 4:10 am

Re: Hotspot dhcp offering leases by MAC Address Generator

Sun Feb 12, 2017 5:26 pm

pe1chl wrote:
> When you leave your front door unlocked all the time it will give a good experience for nice people who want to visit you.
> Unfortunately it also gives an opportunity for bad guys who want to steal your belongings.
> In a good neighborhood the open-door policy may work, but apparently in the network world you live in a bad neighborhood and you need to lock your door, or the bad people will sabotage your network.
> The "bad feedback for most of the users" is the price you have to pay.

Understood.
Sometimes we want to always open the door for anyone who wants to visit, without knowing whether he's a good person or not. I am just looking for another way to keep the door open to anyone and minimize the disruption that will occur.
 
pe1chl
Forum Guru
Posts: 10544
Joined: Mon Jun 08, 2015 12:09 pm

Re: Hotspot dhcp offering leases by MAC Address Generator

Sun Feb 12, 2017 8:25 pm

Is this a local (indoor or on-terrain) WiFi or is it a wide-range installation with clients kilometers away?
 
ayasramadhan
just joined
Topic Author
Posts: 4
Joined: Sat Feb 11, 2017 4:10 am

Re: Hotspot dhcp offering leases by MAC Address Generator

Mon Feb 20, 2017 3:47 am

Hi,
It's like inside the room, and there are also some public areas, such as a hotel, resort or villa that has a public area.
 
pe1chl
Forum Guru
Posts: 10544
Joined: Mon Jun 08, 2015 12:09 pm

Re: Hotspot dhcp offering leases by MAC Address Generator

Mon Feb 20, 2017 11:10 am

You can only hope that those attacks are only made infrequently by guests you happen to have at that time and who think it is fun to destroy the hotel WiFi.
When it does not occur too often, it could be acceptable. When it happens all the time, you have a big problem.
Using a WPA2 key and displaying it at the front desk is not going to cover that, as your guest still can do nasty things (although not as much as when the WiFi is fully open).

WiFi was really designed for cooperative use; there is almost no protection against this kind of DoS.