MikroTik

HI everybody
any idea to hide user MAC address?
i have many hackers trying to scan my network searching to any MAC cokes active user, So they change their MAC using some programs and login using the stalled MAC.
I'am trying to find any idea to HIDE the MAC address.
please help

Well, hiding MAC addresses would break your network :-)
I guess you're talking about a wireless hotspot, right?
I would do it this way:

Set your DHCP server to add ARP entries for leases.
Set your LAN-facing interface to reply-only arp.
Stop client2client communication (default forward in w/l settings)
If you're using multiple w/l interfaces added to a bridge, give all of them the same bridge horizon, this stops inter-port-communication on the bridge.
If still necessary, add bridge filters to drop any arp request coming in from client-facing interfaces leaving the bridge on other client-facing interfaces.

This still won't stop attacker's ability to spoof mac addresses, but will make it more difficult.

-Chris

Well, hiding MAC addresses would break your network
I guess you're talking about a wireless hotspot, right?
I would do it this way:

Set your DHCP server to add ARP entries for leases.
Set your LAN-facing interface to reply-only arp.
Stop client2client communication (default forward in w/l settings)
If you're using multiple w/l interfaces added to a bridge, give all of them the same bridge horizon, this stops inter-port-communication on the bridge.
If still necessary, add bridge filters to drop any arp request coming in from client-facing interfaces leaving the bridge on other client-facing interfaces.

This still won't stop attacker's ability to spoof mac addresses, but will make it more difficult.

-Chris

Mr. Chris
Thanks a lot for answering my post
i'll try and inform u
feras

can you give me some bridge filter for droping arp request coming from vlans in bridge with other vlans so they wont know clients macs on other vlans because of the bridge