
Check connected client HWID!

Posted: Wed May 30, 2012 8:43 pm
by PaRaN0iD
Hi guys

Is that possible?

I want a script to check the wireless client's Hardware Identification Number (HWID) when the client connects to MikroTik,
compare the ID against stored IDs, and if it does not match, kick him.

Of course, third-party software would be installed on trusted clients to communicate with, if that software exists!

:?

Just give me your ideas

Re: Check connected client HWID!

Posted: Mon Jun 04, 2012 4:11 pm
by janisk
Just a thought: what about using an access-list to limit connections to known MAC addresses only, together with WPA-PSK and AES, and then creating a PPPoE tunnel over the wireless link? That might sound like a bit of an overkill, but a PPPoE client is widely available, and WPA/WPA2 wireless link encryption is reasonably safe.

Re: Check connected client HWID!

Posted: Tue Jun 05, 2012 12:23 pm
by PaRaN0iD
Hi

Thank you for the advice,

but my situation is more complicated.
It's easy here to spoof a MAC address, so the access list is useless.
My bandwidth is limited, so I don't want to use WPA.

WPA fishing attack is easy.

Any ideas, please?

Re: Check connected client HWID!

Posted: Tue Jun 05, 2012 12:30 pm
by janisk
WPA has no impact on data transmission speeds over wireless link, especially if you use MikroTik wireless cards that do WPA/WPA2 encryption on the card.

Using current methods, WPA/WPA with AES can be broken in no less time than a month, thus bringing you security and the same speeds as an unencrypted wifi link. However, PPPoE will add some overhead, but that is overkill if you are already using a secure wireless link.

Re: Check connected client HWID!

Posted: Wed Jun 06, 2012 9:08 pm
by PaRaN0iD
Would you check this video?
WPA Trap

http://www.mediafire.com/?qznnynneyun

Re: Check connected client HWID!

Posted: Wed Jun 06, 2012 9:25 pm
by boen_robot
Could you please make subtitles or an English version of this? I understood nothing of what happened. I don't even know if you illustrated a vulnerability or what.

Also, if the problem is WPA... does WPA2 raise the same concerns?

Re: Check connected client HWID!

Posted: Wed Jun 06, 2012 9:32 pm
by c0d3rSh3ll
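Similar to this...

# expected radio-name, set elsewhere from a file or variable
:global "name_of_radio"
:foreach i in=[/interface wireless registration-table find] do={
    :local name [/interface wireless registration-table get $i radio-name]
    # removing the registration-table entry disconnects ("kicks") the client
    :if ($name != $"name_of_radio") do={ /interface wireless registration-table remove $i }
}
You set name_of_radio from a file or variable.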

Re: Check connected client HWID!

Posted: Thu Jun 07, 2012 9:03 am
by janisk
You can do that with the access-list of the AP. Then you can turn default forwarding off.

I look at security this way - how long will it take for an attacker to get to me. If that time is of reasonable length it is good enough as there are no super safe mechanisms that cannot be broken eventually.

So if you use wireless on a RouterOS router, then enable WPA2 and AES ciphers, turn off default forwarding, and create an access-list. If all of that is not enough, you can always go for encrypted tunnels and/or hotspot.
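
An added example, not part of the original thread: the hardening listed in the post above (WPA2 with AES, default forwarding off, an access-list) written as RouterOS configuration. It goes one step beyond the post by giving the access-list entry its own `private-pre-shared-key`, so that cloning an allowed MAC address is not enough to join. The interface name `wlan1`, the profile name and both key strings are placeholders assumed for illustration.

```routeros
# Added example; wlan1, the profile name and the key strings are placeholders.

# Security profile: WPA2-PSK only, AES-CCM for unicast and group traffic.
/interface wireless security-profiles
add name=wpa2-aes-only mode=dynamic-keys authentication-types=wpa2-psk \
    unicast-ciphers=aes-ccm group-ciphers=aes-ccm \
    wpa2-pre-shared-key="REPLACE-WITH-LONG-RANDOM-PASSPHRASE"

# AP interface: stations not matched by the access-list are neither
# authenticated nor allowed to forward frames to other wireless clients.
/interface wireless
set wlan1 security-profile=wpa2-aes-only \
    default-authentication=no default-forwarding=no

# One access-list entry per known client. The per-entry key means the
# MAC address alone does not admit a station.
/interface wireless access-list
add interface=wlan1 mac-address=00:11:22:33:44:55 authentication=yes \
    forwarding=no private-pre-shared-key="REPLACE-WITH-PER-CLIENT-KEY" \
    comment="john"

# Review which stations are currently associated.
/interface wireless registration-table print
```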

Re: Check connected client HWID!

Posted: Thu Jun 07, 2012 10:58 am
by PaRaN0iD
Thank you guys

"boen_robot", forgive me, it's in Arabic. The attack idea depends on how the Windows system on the client side
drops the secure WiFi network "WPA" and tries to connect to an unsecured one with a signal strength stronger than
the secure one.

"c0d3rSh3ll", thank you, it's an interesting script. Would you explain whether the radio name is a unique value for each wireless
client or just the MAC address of the client adapter?

"janisk"

All the procedures you are talking about are secure enough, but my situation is special. We are working as secondary providers;
the main provider uses a PPPoE system with no encryption at our MikroTik routers, and they won't change their policy
for no reason. So I'm trying to secure my WLAN with this type of script. I'm just looking for a unique value to depend on
that hackers can't get, like HWID or radio name as c0d3rSh3ll says, if it's unique for every client.

Re: Check connected client HWID!

Posted: Fri Jun 08, 2012 3:32 am
by c0d3rSh3ll
radio_name is the name of the radio; you can set the name in interface wireless in RouterOS.

Re: Check connected client HWID!

Posted: Fri Jun 08, 2012 12:14 pm
by PaRaN0iD
c0d3rSh3ll wrote:
"radio_name is a name of radio, you can set the name in interface wireless in routerOS."

So if I give a client with MAC (00:11:22:33:44:55) the radio name (my client), the MT router links the MAC with this radio name
in the database.

But the hacker can easily spoof any MAC address in my WLAN, so the script is useless.

Am I wrong?

Re: Check connected client HWID!

Posted: Fri Jun 08, 2012 3:29 pm
by c0d3rSh3ll
Yes, you are wrong.

A MAC address is not a radio name.

RouterOS supports this feature; I don't know if other vendors support it.

Re: Check connected client HWID!

Posted: Fri Jun 08, 2012 3:55 pm
by normis
radio-name is a proprietary field where you can describe the device. By default it has the MAC address, but it has no meaning; it's a simple text field.

Re: Check connected client HWID!

Posted: Fri Jun 08, 2012 5:47 pm
by PaRaN0iD
The question is: if my client's MAC is (00:11:22:33:44:55) and I give him (john) as radio name in the registration table,
then every time this client connects to my AP, his radio name appears corresponding to his MAC?
Right?

What if a hacker spoofs this MAC (00:11:22:33:44:55) and tries to connect to my AP?
Will he appear with the (john) radio name too?

Re: Check connected client HWID!

Posted: Fri Jun 08, 2012 6:27 pm
by samsung172
PaRaN0iD wrote:
"The question is: if my client's MAC is (00:11:22:33:44:55) and I give him (john) as radio name in the registration table,
then every time this client connects to my AP, his radio name appears corresponding to his MAC?
Right?

What if a hacker spoofs this MAC (00:11:22:33:44:55) and tries to connect to my AP?
Will he appear with the (john) radio name too?"

No

Re: Check connected client HWID!

Posted: Fri Jun 08, 2012 6:32 pm
by samsung172
normis wrote:
"radio-name is a proprietary field where you can describe the device. by default it has the MAC address, but it has no meaning, it's a simple text field."

It's a nice feature to hide the SSID from all normal people in a MikroTik net. Use hide SSID, and use the SSID as the radio name. Then you will always know the SSID from a MikroTik scan, and a regular guy on the street doesn't see your net at all.