MikroTik

Hii Guys

I'm trying to detect untrusted fake Mikrotik router (installed by hacker on virtual machine) in my wlan & kick it out
here is my simple script (noOBy one)
I got error when trying to add detected mac address to acces list
Any help appreciated

Thank you

This works...
RGDS

This works...

Code: Select all

:local int;
:local machack;
:foreach int in=[/ip neighbor find] do={
  :if ( [/ip neighbor get $int value-name=identity] = "Mikrotik" ) do={
  :log info "Hacker!";
  :local machack [/ip neighbor get $int value-name=mac-address];
  /interface wireless access-list add mac-address=$machack;
  } else={:log info "CleaN!"}
}

RGDS

Thank you jcem
work like charm!

Now i'm trying to detect fake mikrotik by "board name" value
if "board" value null ofcourse it's fake because it's a virtual machine based
so i tried this :
But the script couldn't understand the null value so it give
log message CleaN!

What does
give you?

X= the number of the neighbour

true or false?

whats wrong with this script.....whenever i use this script i was unable to load balance....only one only WAN work at a time.However failover is working fine but both of the WANs donot work together.....any help?helpful answer will be appreciated
/ip address
add address=10.10.0.1/24 network=10.10.0.0 broadcast=10.10.0.255 interface=Local
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2


/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2

add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local

add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping

/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade

whats wrong with this script.....

What has this to do with detecting a fake virtual Mikrotik? You should not 'hijack' an existing post thread that is nothing to do with your problem. Please create a completely new forum post.