Hello, there!

Unfortunately, it has been started.
Mean spoofing, when I use unlicensed freqs, as we all use - 5GHz.

I have a lot of base stations, antennas, built on Mikrotik boards. It works great, until new wireless company goes 'on my terrain'.
There is a bad guy, which sets up wireless card same, as mine.
He scans air, scan result is mac, frequency and ssid (even if ssid is hidden).
He sets up same mac, freq, ssid - applying this settings by him, causes lots of station disconnects from my base station.
When bad guy is spoofing my base station, it causes reconnecting stations, and disconnect clients from network access.

I have red a lot of articles with 'hide-ssid' topic, etc. IMO there is no solution of the problem, because of physical connection (station sees two bases with exactly same settings).
Hidding ssid do not cause disappearing ssid from the air, causes only disappearing ssid from bacon.
Is it possible e.g. encrypt beacon? My idea is to mix into the bacon any unique ID, to make wireless settings unable to spoof. But there is a problem with encryption of beacon frames, is it possible?

Please help, may be there is a tip, which solve problem.
Best regards

Butchesky

Hello, there!

Unfortunately, it has been started.
Mean spoofing, when I use unlicensed freqs, as we all use - 5GHz.

I have a lot of base stations, antennas, built on Mikrotik boards. It works great, until new wireless company goes 'on my terrain'.
There is a bad guy, which sets up wireless card same, as mine.
He scans air, scan result is mac, frequency and ssid (even if ssid is hidden).
He sets up same mac, freq, ssid - applying this settings by him, causes lots of station disconnects from my base station.
When bad guy is spoofing my base station, it causes reconnecting stations, and disconnect clients from network access.

I have red a lot of articles with 'hide-ssid' topic, etc. IMO there is no solution of the problem, because of physical connection (station sees two bases with exactly same settings).
Hidding ssid do not cause disappearing ssid from the air, causes only disappearing ssid from bacon.
Is it possible e.g. encrypt beacon? My idea is to mix into the bacon any unique ID, to make wireless settings unable to spoof. But there is a problem with encryption of beacon frames, is it possible?

Please help, may be there is a tip, which solve problem.
Best regards

Butchesky

Read this topic below. unless the "bad guy" is doing this unintentionally, then there is nothing you can do.

http://forum.mikrotik.com/viewtopic.php?f=2&t=23645

Are all your cpe's Mikrotik units? If they are then use Management frame protection.

Does this Guy use Mikrotik too, try doing something like working out of band one evening, use a "superchannel"

Does he/she follow you to the same frequency?

Are you using WPA2/PSK on your AP?

Put a CPE in your car with "supermarket inverter" use a shielded yagi type antenna and then go to SCAN mode, use the filter options and put AP mac address in... Being careful not to confuse yourself with your own AP signals, start off at say 200 metres from your AP, stand with your back to your AP, and bearing in mind the front to back ratio of the shielded yagi antenna, you should be able to find the culprit in under half an hour.

Then beat the crap out of him.

I managed to find my attacker with 15 mins.

Unfortunately, I have MTs only on base stations; management frame protection seems to be very good, but not at my network.

He's using exactly the same frequency.

Yes, I'm using WPA2/PSK security options.

I have tried to find out location of spoofing (with 'mobile MT with antenna') - there is one building with antennas of... three different companies, including this spoofer. They are mounted 3-6m betweeneach other, scan do not give clear answer to catch this competitor.

I'm afraid that there is nothing to do at all

Thak you for helpfull suggestion and link.
It's a shame, that 'hide-ssid' do not really hide but I have red all topics, I understand problem.

If this is any suggestion, please be so kind and share ur experience,

Rgds,
Butchesky

Unfortunately, I have MTs only on base stations; management frame protection seems to be very good, but not at my network.

He's using exactly the same frequency.

Yes, I'm using WPA2/PSK security options.

I have tried to find out location of spoofing (with 'mobile MT with antenna') - there is one building with antennas of... three different companies, including this spoofer. They are mounted 3-6m betweeneach other, scan do not give clear answer to catch this competitor.

I'm afraid that there is nothing to do at all

Thak you for helpfull suggestion and link.
It's a shame, that 'hide-ssid' do not really hide but I have red all topics, I understand problem.

If this is any suggestion, please be so kind and share ur experience,

Rgds,
Butchesky

Ok, what if you use multiple SSID's (virtual AP's) on the Mikrotik. Perhaps the other guy will spoof one or some of your SSID's, but not the others... let him continue to spoof one of them while you are using a different one. Maybe even setup a LOT of fake SSID's (I think you can make up to 128 on a single mikrotik). Basically, try to overflood him with SSID's... then you use just one of them from the middle of the list to be your real one!

With a few mikrotiks, you could easily flood the area with over 1000 SSID's! Let him try to spoof all of those while he has no idea which one you are actually using!!!

I don't know any legal issues regarding you doing this, it's just an idea.

if you know where he is, setup directionals flooding data and ssids to him. or get a noise generator, an amp, and a directional and knock his communications completely out lol

if you know where he is, setup directionals flooding data and ssids to him. or get a noise generator, an amp, and a directional and knock his communications completely out lol

A noise generator would definately be on the "other" side of the legal fence...

Solving the problem "mechanically", as wirelesswaves suggested, is not quite legal also, but most effective

janafields: I'm just doing that job as well since few days, generating multipy SSID base station,
I tkink idea is good, but rather temporarily; thanks for advice. At the moment, it works.

Point is, that in simple MT scan you can see actual usage of exact ssid. Generating 50 ssids and only one really working shows 50 ssids loaded at 0% and 1 loaded in actual value <>0.
Better is to generate some real SSIDs, and connect stations by groups, meanwhile to generate some fake SSIDs. It can unload main stream to smaller, %of usage can be nearly 0, if group of 2-3 stations will be only at 'standby', without stream or any transmission.
During the scan it will show so many 'chaos' at the air, that 'scrambler' will give up.

But, I'm simply trying to find solution to solve the problem (e.g. management frame protection), but in configuration MT as base AP <-> CPE/UBNT clinet antennas. Unfortunately only this equipment was available on our local market. At the moment I choose MT on base and SXT at client, but what to do with existing customers

I know, that is hard to find good solution; there is question to mikrotik support:
Is it possible to find solution (like frame protection) for MT and non-MT hardware?

Rgds
Butchesky

taduikis: this is right, but thinkink in this way is way to nowhere.

What, if market will be full - and next: service providers will offer same conditions for customers.
This moment can be hard for determined salesman, what can he do?
He can try make 'the sales result' in any possible way.
He can make it on illegal ways, either.
There can be very bad moment for engineering/technics - because there is no way to solve problem.

Point is: is it possible to standarize frame contents or frame encryption between different hardware?

I understand policy that MT-MT has its own solution, (frame management...) - that helps to take market, but it's far away from wireless standards.

There was a moment, when MT was better, than ubnt, next moment it was TDMA with UBNT dominance. Many people, working on areas with high noise exploitation knows problems with MT CSMA problems, low productivity, etc; they know what am I talking about.
There is no 'MT is better than others' problem, but that determines direction of changing products - implementation TDMA on 5.xx firmware, known as nv2. Very good job! Works fine, but why not with any other hardware?

I'm just trying to find wise compromise.

There is no place to leave 'black holes' with companies, which offering Internet providing service.
Too many companies have a lot of different hardware; there is no way to 'change all existing network' to new one (e.g. exchange working ubnt products to mt in client area). There is no funds to make it happen.

Simply, there is possibility to find any acceptable solution for everyone.
Don't you think?

Sorry for long digression, there is late hour, and nothin on tv

Rgds
Butchesky

Point is: is it possible to standarize frame contents or frame encryption between different hardware?

Of course it is possible, but it will not happen. Don't even think about it, it's a dead end.

Point is: is it possible to standarize frame contents or frame encryption between different hardware?

Of course it is possible, but it will not happen. Don't even think about it, it's a dead end.

Sure. MTik needs to push their own products in any way they can. If they start making their equipment highly compatible with other brands, they are cutting the branch they sit on. And as for implementing something like management frame prot to work with other vendors, I don't think it's possible, unless some universal standard exists..

By the way, "mechanical solving" wasn't a suggestion, it was just some loud thinking

I'm just 'loud thinking' about changing spoofing omni antena to baseball Looks similar ))) Works a little bit worse on 5GHz )))))

But it might send the message to that troublemaker give a try ) it'd be fun atleast.

if you know where he is, setup directionals flooding data and ssids to him. or get a noise generator, an amp, and a directional and knock his communications completely out lol

A noise generator would definately be on the "other" side of the legal fence...

you can keep it in the public spectrum. why would that be illegal?