is there anyway to prevent hotspot hack by my clients?

this 1 the way i found it online to bypass mikrotik hotspot login..
http://www.youtube.com/watch?v=I22NSeutHLM
anyway to prevent it?

is there anyway to prevent hotspot hack by my clients?

Specify the "hack" you are talking about. Are they guessing your password? Are they prying your hotspot off the post?

is there anyway to prevent hotspot hack by my clients?

Specify the "hack" you are talking about. Are they guessing your password? Are they prying your hotspot off the post?

http://www.youtube.com/watch?v=I22NSeutHLM

this is how they bypass mikrotik hotspot.. anyway to prevent this?

After looking at the video its a fairly simple mac address clone from looking up the arp tables of people in the network, picking someone who we guess is logged in and clone in their mac address and IP address and then use their existing login.

My experience with Hotspot is not very extensive but it would seem to me that to help prevent this you would want to start with turning off default forward on your Wi-Fi AP to give client layer 2 isolation. This would probably not be a solution as they are bound to be able to still locate mac addresses of other devices.

Other than that I will hand over to other more experienced people to advise.

Regards
Alexander

they work over Ethernet in the video, so the solution is to use managed switches with IP-MAC-Port binding

My question would be, is this possible over wireless and what is the solution?

how to Protect your hotspot from hacker
1- go to ip address
change the "Local"(out interface) subnet mask to 8 (255.0.0.0)
ex: my Local ip is 192.168.10.1/24 change to 192.168.10.1/8

2- go to ip dhcp server - network chane the subnet to 8

IBR771,

Can you explain why this would work? I would like to know to improve my knowledge. Also I will be setting up a large hotspot, am getting information that some people are saying that they will by my 24hour voucher connect to the wifi via a computer and then do internet connection sharing to share the internet with other people. I know Mikrotik can stop this, I heard it when I took the mikortik routing class but I dont remember. Can anyone guide me on this. I had posted before I found this post.

http://forum.mikrotik.com/viewtopic.php?f=2&t=100074

Hi,

how to Protect your hotspot from hacker
1- go to ip address
change the "Local"(out interface) subnet mask to 8 (255.0.0.0)
ex: my Local ip is 192.168.10.1/24 change to 192.168.10.1/8

2- go to ip dhcp server - network chane the subnet to 8

I would like to read the explanation too. Thanks.

Ape

Specify the "hack" you are talking about. Are they guessing your password? Are they prying your hotspot off the post?

Sorry to bump up an old thread, but i've try to search the forum for the solution, but can't find any.

The "hack" I'm talking about is user guessing my password many times, since I'm using a password with format of "blablaXXblabla", where XX is 2 digits number and blabla is constant string. Every day XX is changing randomly.

So the user is guessing from 00 to 99, without being banned by mikrotik automatically. I want to limit the number of guessing password to 5 times. So if any users input the password wrongly for 5 times, they will be banned for several days based on their mac addr.

I can't figure out how to do that, and where to do that.

Fyi, I've limit the number of guessing password for ssh and winbox to 3 times by manipulating the "connection state" equal new. That's how I would know that users are trying to guess (brute force) my mikrotik password.

--
Regards,
Denni