Community discussions

MikroTik App
 
SniperWolf
just joined
Topic Author
Posts: 18
Joined: Mon Aug 08, 2005 12:43 am

Tricking MT router (Hacking hotspot)

Sun Nov 12, 2006 10:02 am

Few days ago I read that topic which it was about hacking the hotspot.

I just wanted to give more details about this issue because the same thing happened with me also and I still didn’t figure a way to sort it out
This is a part of my network digram

Image

In my network, I Have three outdoor access points connected to sector antenna in turn. All of the APs are connected to hub. The ether2 (Local) port in my MT box is connected to the hub as well to distribute the hotspot service. I didn’t set any security in my access points, it is very important to me that any subscriber can easily connect to my network as it possible.
Since my wireless network is open for anyone, some subscribers reported that they get the "conflict IP address" message several times. I told them just to make repair and it will be solved, but later I found out what was going on.
Anyone able to connect to my wireless network can make an IP scan and copy the IP address and the associated MAC ID from IP scan result. The intruder will set his computer IP address to the same one from the IP scan and using a simple program to clone the MAC ID or from the device manager proprieties can change the MAC ID. Now if the host IP logged in using his username and password, then intruder will be able to use the internet service without typing username and password since the host IP is logged already.
Other WISP reported the same thing happened with them. I tried it myself and it worked, I cloned an IP address and MAC ID to my laptop and I was able to use the internet without typing my username and password.
I thought the problem is from the hotspot itself. I thought to see whether the problem from the hotspot or not, I reconfigured another MT box as a router only, and I connected two laptops with the same IP address and MAC ID, I just got the "conflict IP address" message, but both machines use the internet properly.

I dont think if I will block the scanning ports to prevent the useres from doing an IP scan will help in my case, becasue the IP scanning process is done at the access points and MT can't block the access points.
Number of sessions per user is only one, and this won't change anything since I used the MT as router only in my experiment to define where the problem might be.

I am going to email this to MT, but I thought to share it with you guys to see if someone faced it already and can help us to sort it out.


Regards
Salah
 
akram
Frequent Visitor
Frequent Visitor
Posts: 88
Joined: Wed Aug 10, 2005 4:58 pm

Sun Nov 12, 2006 12:14 pm

where r u now salah , i mean what country?
 
SniperWolf
just joined
Topic Author
Posts: 18
Joined: Mon Aug 08, 2005 12:43 am

Sun Nov 12, 2006 12:57 pm

I guess you are in the same country. anyway I am from Iraq.
 
User avatar
andrewluck
Forum Veteran
Forum Veteran
Posts: 700
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Sun Nov 12, 2006 2:22 pm

You need to block access through the APs until the client has authenticated. This has to be done on the AP itself using one of the EAP protocols with a RADIUS backend. Once authenticated, the client is issued a network key and further communication is encrypted. Periodically, the AP and client negotiate a new key so you can use even relatively insecure protocols such as WEP. Sniffing a MAC address will have no benefit because the packet will be discarded by the AP.

Alternatively, once the client is authenticated, open a VPN tunnel between the client and hotspot and reject packets on the hotspot that haven't come from a tunnel.

Both approaches have their merits but the first is potentially more secure and there's less impact on the user i.e. They don't have to open a VPN once connected.

Regards

Andrew
 
SniperWolf
just joined
Topic Author
Posts: 18
Joined: Mon Aug 08, 2005 12:43 am

Sun Nov 12, 2006 5:07 pm

Well Andrew, I agree that your approaches are the best solutions yet, but the problem that I still tend tolet my wireless network open for every one as it is a very importnat advertisement for my wireless network and the services that I provide the free wireless network, I have local server which contain up to date software and other stuff and any subscriber can download freely as it costs me nothing, but I charge them for tthe internet service only, so thats why it is important for me to keep my wireless network open.
Thanks for your suggestions
 
Diganet
Member
Member
Posts: 342
Joined: Sun Oct 30, 2005 9:30 pm
Location: Denmark
Contact:

Sun Nov 12, 2006 9:06 pm

Well Andrew, I agree that your approaches are the best solutions yet, but the problem that I still tend tolet my wireless network open for every one as it is a very importnat advertisement for my wireless network and the services that I provide the free wireless network, I have local server which contain up to date software and other stuff and any subscriber can download freely as it costs me nothing, but I charge them for tthe internet service only, so thats why it is important for me to keep my wireless network open.
Thanks for your suggestions
Set up a Virtual unencrypted AP/SSID for the free network and use encryption/802.1x on the internet network.. You can set up a HTTP redirect on the free network to a page that advertise your commercial net. We do the same here..

/Henrik
 
SniperWolf
just joined
Topic Author
Posts: 18
Joined: Mon Aug 08, 2005 12:43 am

Sun Nov 12, 2006 10:16 pm

Well, I'll need some help to follow with your idea. I work mostly with the communication part usually like microwave and vsat and so. for MT i know only how to do the simple things like routing and hotspot and these easy things. so if it is possible that some one can give me more details on how to implment the virtual network along with the free network and redirection and so.
well, anyone can spend more time with me and tell me how ?

What about MT guys, i wonder if what is happening with us is somethign normal and no backdoor or somethign wrong with MT router?

anyway, thanks for who posted already, at least I have some options now.
 
User avatar
GWISA
Member
Member
Posts: 389
Joined: Tue Jan 31, 2006 2:37 pm
Location: Johannesburg, South Africa

Thu Nov 16, 2006 7:28 pm

I assume by your description, all the AP's are wireless bridges? So users can share files across AP's on a tower, and anyone is free to do so?

If so - then how about separating the AP's with a routerboard, run a hotspot server on each interface and turn default forwarding off? You could have a 'walled garden' to your public free access server then for file sharing with no real easy way to get in.

Use different IP subnet pools on each interface and masquerade all of them out the internet interface.

That should give you a reasonably tight network, and still keep the public access service. It's also really easy to set up - RB532 & 502 daughterboard + 4 Wlan & run the hotspot wizard for each AP and you're off!
 
qusay1234567
just joined
Posts: 1
Joined: Fri Jun 22, 2007 11:42 am

Re: Tricking MT router (Hacking hotspot)

Fri Jun 22, 2007 12:28 pm

thank uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu

Who is online

Users browsing this forum: EnglishInfix and 24 guests