samsoft08
Long time Member
Topic Author
Posts: 613
Joined: Sat Nov 26, 2005 10:52 pm

Bad user .. again and again ...

Sat Feb 17, 2007 9:27 pm

He is banned from the network, a non-paying user. He got the encryption (he is wireless), he scanned the network before and he got all the MACs.
I'm running DHCP, but he can get in:
a- with a static IP !!!!!
b- or by changing his MAC to a valid MAC in my network !!!!

How can I block him?? Such a simple question...

If it's not possible, can anybody answer this:
1- How can I prevent a user from scanning the network??
2- How can I prevent a user with a static IP from getting in??
 
virtualmystic
Frequent Visitor
Posts: 77
Joined: Fri Jan 19, 2007 7:09 pm
Location: Lahore, pakistan

Sat Feb 17, 2007 9:53 pm

I'm preventing this using PPPoE.. static IP assignment to each user from DB.. the user's ethernet interface just accepts PPPoE connections and no IP is assigned to it, so no static IPs, coz there won't be a gateway to route traffic..

regards,

Asad
 
jwcn
Forum Guru
Posts: 1495
Joined: Sun Aug 27, 2006 6:49 am
Location: Maryland, USA

Sat Feb 17, 2007 10:54 pm

If you are in the US you can have him charged with breaking/entering and put in jail...
 
samsoft08
Long time Member
Topic Author
Posts: 613
Joined: Sat Nov 26, 2005 10:52 pm

Sat Feb 17, 2007 11:13 pm

virtualmystic, nice solution, another idea instead of pppoe?
jwcn, you are joking, right?
 
Diganet
Member
Posts: 342
Joined: Sun Oct 30, 2005 9:30 pm
Location: Denmark

Sun Feb 18, 2007 11:43 am

> virtualmystic, nice solution, another idea instead of pppoe?
> jwcn, you are joking, right?

If he is stealing bandwidth from you, then I think it's criminal everywhere. Call the police if you can prove it.


/Henrik
 
samsoft08
Long time Member
Topic Author
Posts: 613
Joined: Sat Nov 26, 2005 10:52 pm

Sun Feb 18, 2007 12:35 pm

Hi guys.. how is it going on Mars?
 
samsoft08
Long time Member
Topic Author
Posts: 613
Joined: Sat Nov 26, 2005 10:52 pm

Mon Feb 19, 2007 2:12 am

It's the dumbest thing I have ever seen and heard...
That bad user succeeded in getting into my network by taking the MAC of one user and the IP of another one; he gave a static IP to his PC.
I wonder how he could get in while I'm using DHCP and a reply-only ARP?

Is this possible??

WHERE is MT here and its REPLY ONLY?? And MT is replying to someone who got an IP and a MAC from the list, and this IP and MAC are not bound to each other???????

It's like this:

ARP (reply only) list ((and the DHCP leases list)):
192.168.1.100 11:11:11:11:11:11
192.168.1.101 22:22:22:22:22:22

The intruder (with static IP):
192.168.1.101 11:11:11:11:11:11

What a SMART system, thank god...

Forget the QoS, forget the traffic shaping, forget the protection... protection??? lol, it's a big joke !!!!!
 
samsoft08
Long time Member
Topic Author
Posts: 613
Joined: Sat Nov 26, 2005 10:52 pm

Mon Feb 19, 2007 2:14 am

:evil:
 
jwcn
Forum Guru
Posts: 1495
Joined: Sun Aug 27, 2006 6:49 am
Location: Maryland, USA

Mon Feb 19, 2007 2:54 am

The Mikrotik software is only as secure as you make it. Don't blame them for your shortcomings.
 
111111
Member Candidate
Posts: 195
Joined: Thu Oct 05, 2006 1:39 am
Location: BG,SOFIA

Mon Feb 19, 2007 5:39 am

The only solution is HOTSPOT with a JAVA stealing function which gets all possible info for the client and reports it to RADIUS.

It would be very interesting to see how he will change his hard disk partition number to that of his neighbor, for example :lol: :lol: :lol:
 
sergejs
MikroTik Support
Posts: 6697
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

Mon Feb 19, 2007 8:33 am

Which encryption protocol do you use ?
If you want to provide very secure access to the wireless network, use WPA[2] EAP together with RADIUS. 'pre-shared key' configuration is not used.
 
janisk
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Mon Feb 19, 2007 8:54 am

He does not use encryption protocols, so sergejs, do not bother. :?

He still did not understand that he could set - ssid="comon guys - free internet" :D

In a wired connection you get protection from the wires, so if someone illegally connected, you can cut the wire or connect that wire to ~220V.

With wireless you need a different approach.
 
amtisrac
Frequent Visitor
Posts: 98
Joined: Mon Jun 13, 2005 10:53 am
Location: Hungary

Re: Bad user .. again and again ...

Mon Feb 19, 2007 10:19 am

> He is banned from the network, a non-paying user. He got the encryption (he is wireless), he scanned the network before and he got all the MACs.
> I'm running DHCP, but he can get in:
> a- with a static IP !!!!!
> b- or by changing his MAC to a valid MAC in my network !!!!
>
> How can I block him?? Such a simple question...
>
> If it's not possible, can anybody answer this:
> 1- How can I prevent a user from scanning the network??
> 2- How can I prevent a user with a static IP from getting in??

First step: change the encryption key :)
Then make a RADIUS auth. If it is not enough, you need to use PPPoE as a last resort.
I think WPA2 with RADIUS is enough for you. If not, take strong friends and... ;>
 
monaro
newbie
Posts: 32
Joined: Wed Feb 07, 2007 10:05 pm

Re: Bad user .. again and again ...

Mon Feb 19, 2007 10:54 am

> He is banned from the network, a non-paying user. He got the encryption (he is wireless), he scanned the network before and he got all the MACs.
> I'm running DHCP, but he can get in:
> a- with a static IP !!!!!
> b- or by changing his MAC to a valid MAC in my network !!!!
>
> How can I block him?? Such a simple question...
>
> If it's not possible, can anybody answer this:
> 1- How can I prevent a user from scanning the network??
> 2- How can I prevent a user with a static IP from getting in??

Inside any wireless AP, there should be a function called "Client Security". That should do the trick. Client Security disallows any scans towards the client connected to that AP. I am using a DLink AP and turn on the client security of every piece of equipment in my hotel (Hilton).

Have you tried to use authentication? That should do the trick. Even if he has a valid MAC address, he needs to log in.
 
janisk
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Mon Feb 19, 2007 10:59 am

default forwarding = no
and encryption should do that :)
 
samsoft08
Long time Member
Topic Author
Posts: 613
Joined: Sat Nov 26, 2005 10:52 pm

Mon Feb 19, 2007 11:18 am

It doesn't matter if he is wired or wireless, he is an old client.. he was connected before.. he got the DAMNED ENCRYPTION in his access point.. changing the encryption is the solution?? Oh really?? No kidding?? Changing 100's of APs' encryption wirelessly??

And mr. janisk, would you please explain to me what we need the reply-only option for???? Why does MT become a jackass when someone is fooling it by taking a MAC from the list and an IP from the same list but from another user?? For god's sake, what was REPLY-ONLY made FOR????

sergejs, we want to be available to anyone connected to our hotspot, so we don't want to use encryption, as 100's of non-MT ISPs do.. what about hotspots at airports and public places??????

sergejs, there is an example in the manual about using 2 pools; why can nobody make it run successfully????

Why can't we prevent any user from making a scan?? Is that scan made by god so nobody can stop it??????

You are talking about the security of the wireless, I'm talking about the so-called MT security.... !!!!
 
normis
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Mon Feb 19, 2007 11:28 am

-make hotspot or pppoe, that's one of the best options.
-default forwarding=no will take care of the scans
 
samsoft08
Long time Member
Topic Author
Posts: 613
Joined: Sat Nov 26, 2005 10:52 pm

Mon Feb 19, 2007 11:30 am

default-forwarding ... where ???
 
samsoft08
Long time Member
Topic Author
Posts: 613
Joined: Sat Nov 26, 2005 10:52 pm

Mon Feb 19, 2007 11:31 am

I'm using a stand-alone AP..
 
sergejs
MikroTik Support
Posts: 6697
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

Mon Feb 19, 2007 12:01 pm

1) Do not use "bad" encryption, use good encryption (WPA[2]).


2)
> , we want to be available to anyone connected to our hotspot , so we dont want to use encryption , as 100's of non-MT ISP do .. ??????

If you need anyone to be able to connect to the HotSpot, then anyone is able to connect to it (and perform specific actions).

3) As has been recommended many times, e.g. when a wireless network is used, create an additional VAP that is available to all clients, but without internet access. Put information on the login page on how the user can get full Internet access.

4) What is the problem with MT security?
Use a RADIUS server that will be responsible for client authentication, and set the MikroTik AP to use the RADIUS server for wireless clients. Use appropriate configuration settings on the clients (certificate, user password), then an illegal user will not have too many chances to get access to the public network.
Try to test EAP on a small client network and try to test its security. I guess it is very hard to get access to such a network if the network is properly configured.

5) PPPoE might be used instead, it also requires configuration on client side.
 
afamnu
Frequent Visitor
Posts: 59
Joined: Sun Sep 03, 2006 9:52 am

Mon Feb 19, 2007 12:11 pm

Disconnect him from your wireless network and change the encryption on wireless again, coz there's no way to do that...
 
normis
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Mon Feb 19, 2007 12:21 pm

how is this a mikrotik topic if you are not using mikrotik as your AP? there you go ... found your problem
 
samsoft08
Long time Member
Topic Author
Posts: 613
Joined: Sat Nov 26, 2005 10:52 pm

Mon Feb 19, 2007 2:03 pm

I said before, I'm not using MT as an AP, 'cause I can't. I'm using MT RouterOS on a PC and I have a long distance between MT and the antenna, about 50m, so I'm forced to use another AP on the tower..
Thanks for all the suggestions,
but no one answered this:

ARP (reply only) list ((and the DHCP leases list)):
192.168.1.100 11:11:11:11:11:11
192.168.1.101 22:22:22:22:22:22

The intruder (with static IP):
192.168.1.101 11:11:11:11:11:11

How can he get in using one user's IP and another user's MAC?
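
Added example, not part of any post in this thread: a Python check that compares observed source (IP, MAC) pairs with the lease bindings listed above and flags the combination described, the IP of one lease used with the MAC of another. The `OBSERVED` sample, the function names and the finding labels are constructed for illustration.

```python
import re
from collections import defaultdict

# Bindings copied from the ARP / DHCP lease list in the post above.
LEASES = {
    "192.168.1.100": "11:11:11:11:11:11",
    "192.168.1.101": "22:22:22:22:22:22",
}

# Constructed sample of source (IP, MAC) pairs, e.g. parsed from a capture.
OBSERVED = [
    ("192.168.1.100", "11:11:11:11:11:11"),
    ("192.168.1.101", "11-11-11-11-11-11"),   # the combination from the post
    ("192.168.1.150", "22:22:22:22:22:22"),
    ("192.168.1.100", "AA:BB:CC:DD:EE:FF"),
]

def norm_mac(mac):
    """Normalise a MAC to lower-case colon form; reject malformed input."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def classify(ip, mac, leases):
    """Compare one observed pair with the lease table."""
    mac = norm_mac(mac)
    bound = {i: norm_mac(m) for i, m in leases.items()}
    known_macs = set(bound.values())
    if bound.get(ip) == mac:
        return "ok"
    if ip in bound and mac in known_macs:
        return "cross-binding"           # IP of one lease, MAC of another
    if ip in bound:
        return "leased-ip-unknown-mac"   # leased IP claimed by a foreign MAC
    if mac in known_macs:
        return "known-mac-unleased-ip"   # known MAC on an IP DHCP never gave it
    return "unknown"

def audit(observed, leases):
    """Return the non-ok findings plus MACs seen with more than one IP."""
    findings = [(ip, norm_mac(mac), classify(ip, mac, leases))
                for ip, mac in observed]
    ips_per_mac = defaultdict(set)
    for ip, mac, _ in findings:
        ips_per_mac[mac].add(ip)
    shared = {m: sorted(ips) for m, ips in ips_per_mac.items() if len(ips) > 1}
    return [f for f in findings if f[2] != "ok"], shared
```

A MAC that appears in the second return value with several IPs is a candidate for a cloned address and is worth checking against the AP's registration table.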
 
normis
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Mon Feb 19, 2007 2:04 pm

you should put MT as the AP, then you won't have any problems. How can you blame MT security features if you are not even using it?
