Hacking Hotspot
RouterOS general discussion

nvrpunk
just joined
 
Posts: 6
Joined: Sat May 24, 2008 5:44 am

Re: Hacking Hotspot

by nvrpunk » Sat May 24, 2008 6:31 am

Ban the MAC address access, wait till someone emails, verify they are the paying subscriber. By the time this is said and done, the *hackers* will be tired of wasting time, especially if you repeat this process.

Although this may be an inconvenience to the paying customer it will deter the hackers from bothering as they will have to do more scans, hop macs etc.

omega-00
Forum Guru
 
Posts: 1125
Joined: Sat Jun 06, 2009 4:54 am
Location: Brisbane, Australia

Re: Hacking Hotspot

by omega-00 » Mon May 26, 2008 3:55 pm

Hellbound wrote:I fully understand how painful is that.
I'm just changing 3 3Com switches and 1 Linksys web-smart switch because their web services are simply crashing and we can't even telnet, I don't know why. Maybe stability is something Cisco is selling. And honestly it is very very painful. But what's the choice anyway?


We had similar problems with the most recent range of Linksys switches - IMHO they are crap.

In regards to what people are saying about not turning on encryption, I fully understand the reasons: most clients have NO idea about connecting up or changing from one network to the other, let alone connecting to a secure network. It would be GREAT to be able to do this, but in theory most clients wouldn't understand and you couldn't expect to force all of them onto the secure one by disabling internet access via the unsecured.

With regards to blocking the hacks, this isn't a MikroTik issue. MikroTik provide devices that will give you access when given the right information. Every network admin should know that you can't control what's going on at the user's computer, although you can control what comes through your device. Now if you can think of a constructive way that would stop these hacks from occurring without the user having to jump through hoops just to get online, then by all means share it. If you can't, then don't blame others for the issue.

My thought would be this: for users with a DHCP-assigned address and a DHCP client ID, why not devise a method to reverse check that the computer connected has that same client ID and, if not, drop the wireless connection.

roland
newbie
 
Posts: 43
Joined: Sat Jan 22, 2005 1:03 pm
Location: Thailand

Re:

by roland » Wed May 28, 2008 7:36 am

skynoc wrote:any guru can solve this problem?



We had similar MAC cloning on our hotspots, especially because we also use/offer the TRIAL feature ('free' for a few minutes per day). It is impossible to see a difference between real and fake MACs, however each time they change the MAC, they get a new IP from our DHCP, and a new entry in our DHCP table with their hostname.

So, the hacker most likely is about to produce multiple, hostname-identical DHCP traces.

I made two scripts. Script-A is COUNTING same-hostnames in the DHCP table.
Given the fact that maybe 2 people have the same hostname and connect at the same time, we set the 'possible-hack-limit' to >2 same-hostnames.
The script writes a global variable of list type ("hacklist"), which holds the identified hostnames. A schedule updates the list (runs the script) every 2 minutes.

Script-B (runs every 20 seconds) uses the global hacklist, gets the IP per host from the DHCP table, scans the hotspot active users and kicks out those IPs.

After 2 times changing the MAC address, the hacker gets a 20sec access at most.
I know that the hostname can be changed easily... however, it usually requires a PC restart. Our hackers are all gone.
===================
script-A: (run every few minutes)
# collect every non-empty host-name from the DHCP lease table
:local hosts [/ip dhcp-server lease find]
:local pcname "X"
:local pcnum 0
# set switch to 1 to log the list on every run
:local switch 0
:global hacklist ""
:foreach h in=$hosts do={
    :local host [/ip dhcp-server lease get $h host-name]
    :if ([:len $host] > 0) do={
        :set pcname ($pcname . "," . $host)
        :set pcnum ($pcnum + 1)
    }
}
# a host-name seen on more than 2 leases goes onto the hacklist
:foreach h in=[:toarray $pcname] do={
    :local hh 0
    :if (!([:find $hacklist $h] >= 0)) do={
        :foreach k in=[:toarray $pcname] do={ :if ($k = $h) do={ :set hh ($hh + 1) } }
        :if ($hh > 2) do={
            :if ([:len $hacklist] > 0) do={ :set hacklist ($hacklist . "," . $h) } else={ :set hacklist $h }
        }
    }
}

# monitor results in logfile once an hour
:local timer [:pick [/system clock get time] 3 5]
:if (($switch > 0) || ($timer >= "58")) do={
    :log warning ("New Hacklist: " . $hacklist)
}

=======================
script-B (runs every 20 seconds)
# use global hacklist variable (declared here so this script can read it)
:global hacklist
#:log info ($hacklist)
:foreach host in=[:toarray $hacklist] do={
    :foreach i in=[/ip dhcp-server lease find host-name=$host] do={
        :local ipnum [/ip dhcp-server lease get $i address]
        :local unum [/ip hotspot active find address=$ipnum]
        :if ([:len $unum] > 0) do={
            :local usr [/ip hotspot active get $unum user]
            :log warning ($host . " " . $ipnum . " " . $usr)
            # next line kicks them out right now; could also check pppoe
            /ip hotspot active remove $unum
            # other actions on the identified IP and USER can go here
        }
    }
}

================
hope it helps. it does in our case.
And sorry for the long post :)

cravetou
Frequent Visitor
 
Posts: 55
Joined: Tue Oct 16, 2007 11:17 am

Re: Hacking Hotspot

by cravetou » Thu Jun 05, 2008 10:33 am

To prevent hotspot hacking,
use a wireless interface in the MT and uncheck the default forward in the wireless interface configuration.
This will prevent clients from communicating with each other.

websawadee
just joined
 
Posts: 2
Joined: Sat May 10, 2008 1:16 pm

Re: Hacking Hotspot

by websawadee » Thu Jun 05, 2008 11:12 am

cravetou wrote: To prevent hotspot hacking,
use a wireless interface in the MT and uncheck the default forward in the wireless interface configuration.
This will prevent clients from communicating with each other.


I found that this still allows users to e.g. 'ping' each other through the MT as a relay.
I additionally use a filter on the wlan interface.
If the users' address space is 172.20.x.x/16 (for example), I add a filter dropping traffic
from 172.20.x.x/16 to 172.20.x.x/16 on the wlan interface.
Just remember to exclude the IP of the router and/or default gateway ;-)

Alessio Garavano
Member Candidate
 
Posts: 251
Joined: Sat May 29, 2004 12:49 am
Location: Corrientes, Argentina

Re: Hacking Hotspot

by Alessio Garavano » Fri Jun 06, 2008 12:34 pm

Roland: I checked my dhcp-server list and have more than 50 hostnames called "desktop" or "PC" or "pc" or "user" etc etc

I think the solution can be around the new "L2 Mesh Protocol" I am trying with excellent results; my network now is more stable and fast.

And I can see how this Layer 2 protocol knows all hosts of the network and loads all host MACs of the network in the /int mesh fdb table of each node of the net...

MT guys, can this be a possible future solution for wired and wireless networks, using this new protocol to prevent cloned MACs from different places?

This is my little grain of sand, I hope it can help to invent a solution to this famous problem that drives all of us network administrators crazy :lol:

Best Regards!
Alessio Garavano
http://www.isparg.com.ar
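
roland's two scripts and Alessio Garavano's objection, modelled offline as an added example (not code from any poster or from MikroTik): the same ">2 leases with one host-name" rule run over a constructed lease table, first as posted and then with generic names skipped. The lease rows, the lower-casing of names and the `ignore` set are assumptions of this sketch.

```python
from collections import defaultdict

# Constructed sample of a DHCP lease table: (MAC, IP, host-name).
LEASES = [
    ("00:11:22:00:00:01", "172.20.0.11", "alice-laptop"),
    ("00:11:22:00:00:02", "172.20.0.12", "desktop"),
    ("00:11:22:00:00:03", "172.20.0.13", "desktop"),
    ("00:11:22:00:00:04", "172.20.0.14", "Desktop"),
    ("02:aa:00:00:00:01", "172.20.0.21", "eee-pc-901"),
    ("02:aa:00:00:00:02", "172.20.0.22", "eee-pc-901"),
    ("02:aa:00:00:00:03", "172.20.0.23", "eee-pc-901"),
    ("00:11:22:00:00:05", "172.20.0.15", ""),          # client sent no host-name
    ("00:11:22:00:00:06", "172.20.0.16", "bob-pc"),
    ("00:11:22:00:00:07", "172.20.0.17", "bob-pc"),    # only 2 leases: under the limit
]
# Constructed set of IPs that currently have an active hotspot session.
ACTIVE = {"172.20.0.11", "172.20.0.13", "172.20.0.23"}
# Generic names reported as very common in the thread (assumed ignore list).
GENERIC = frozenset({"desktop", "pc", "user"})

def build_hacklist(leases, limit=2, ignore=frozenset()):
    """Script-A step: host-names seen on more than `limit` distinct MACs."""
    macs = defaultdict(set)
    for mac, _ip, host in leases:
        name = host.strip().lower()        # assumption: compare case-insensitively
        if name and name not in ignore:    # empty host-names are skipped, as in script-A
            macs[name].add(mac.lower())
    return sorted(h for h, seen in macs.items() if len(seen) > limit)

def sessions_to_kick(leases, hacklist, active_ips):
    """Script-B step: active hotspot IPs whose lease host-name is on the list."""
    flagged = set(hacklist)
    return sorted(ip for _mac, ip, host in leases
                  if host.strip().lower() in flagged and ip in active_ips)

if __name__ == "__main__":
    as_posted = build_hacklist(LEASES)
    filtered = build_hacklist(LEASES, ignore=GENERIC)
    print("as posted :", as_posted, sessions_to_kick(LEASES, as_posted, ACTIVE))
    print("filtered  :", filtered, sessions_to_kick(LEASES, filtered, ACTIVE))
```

With the rule as posted, the three unrelated "desktop" clients are flagged alongside the host that really did cycle MACs; skipping generic names removes that false positive but also means a cloner using a generic host-name is not caught.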

AnRkey
Member Candidate
 
Posts: 106
Joined: Tue Sep 15, 2009 6:01 pm

Re: Hacking Hotspot

by AnRkey » Sat Nov 28, 2009 1:50 am

Found this clip showing how very simple and easy it is to get access to an MT hotspot without a login and pass.

http://www.youtube.com/watch?v=1WlfLCfdzlY

The whole point of a hotspot (to me anyway) is that it acts as a captive portal for clients that can simply be connected to and used. By telling us to use WPA, WEP and other encryption you are simply missing the point.

MT dudes should just say it's not secure so we can stop wasting our time on this.

What work is being done to find a work-around for this issue? There must be some way... I'm sure that fixing the cookie/logout bug would solve this issue... would it not? Can't a cookie be wiped or even changed to show a logged out status? (problem solved if yes without uh's and buts)

After all, what good is a product that does not work as intended or is too easy to circumvent? For that matter what's the point of the login and password if it's that insecure, why not just ditch it? When I have a product that can't be fixed it gets retired... what are other vendors doing to get around this?

R
MTCNA

fewi
Forum Guru
 
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: Hacking Hotspot

by fewi » Sat Nov 28, 2009 2:08 am

That video shows absolutely nothing new (MAC address spoofing). MAC address spoofing is non-trivial to circumvent but several solutions and attempts are described in this thread.

The router has nothing to do with enforcing edge connections. From the router's point of view it's impossible to tell a spoofed MAC address connection from the legitimate connection. Cookies are an unsatisfactory workaround as it potentially excludes legitimate clients. This has absolutely nothing to do with Mikrotik's implementation, that's just how networks work.

Chupaka
Forum Guru
 
Posts: 7229
Joined: Mon Jun 19, 2006 11:15 pm
Location: Home Network Ltd., Minsk, Belarus

Re: Hacking Hotspot

by Chupaka » Sat Nov 28, 2009 3:04 am

simply uncheck 'default forwarding' tick in Wifi properties? =)

p.s. they're using a cracked version - has anybody seen the WISP name? :D
For every complex problem, there is a solution that is simple, neat, and wrong.

¡ɹǝ|SOɹǝʇnoɹ ʞıʇoɹʞıW ɯ‚|

MikroTik. Your life. Your routing.

skype: pavel.skuratovich

fewi
Forum Guru
 
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: Hacking Hotspot

by fewi » Sat Nov 28, 2009 5:59 am

simply uncheck 'default forwarding' tick in Wifi properties? =)


Yes. Sorry, I should have been more explicit. To me that would count as configuring your edge to prevent this as it doesn't matter where the AP is. The Hotspot itself can't do this stuff for you, you have to prevent it wherever the client connects to the network (which admittedly definitely sometimes is the same device, but in an unrelated configuration section).

AnRkey
Member Candidate
 
Posts: 106
Joined: Tue Sep 15, 2009 6:01 pm

Re: Hacking Hotspot

by AnRkey » Sun Dec 06, 2009 9:13 pm

Chupaka wrote:simply uncheck 'default forwarding' tick in Wifi properties? =)

p.s. they're using a cracked version - has anybody seen the WISP name? :D


Awesome, thanks this fixed my problem.

I did some tests and the "default forwarding" being off stops those kids dead in their tracks. Not one problem so far :D I can't believe I forgot this to begin with. When I saw your post I knew instantly how silly I had been by not seeing it straight away.

We pay per GB down here for our data throughput on ADSL. So it hurts not knowing and/or forgetting this little secret. Not to mention that your hotspot clients can now reach/see each other too if default forwarding is not off! So getting hacked is part one of the story, part two is the hackers can also see your clients directly so if they are not protected they get smacked too. Just imagine on large installations what a big issue this one tick box can cause by forgetting to set it correctly! :shock:

R
MTCNA

ahang
Frequent Visitor
 
Posts: 55
Joined: Tue Apr 06, 2010 1:16 am
Location: 127.0.0.1

Re: Hacking Hotspot

by ahang » Thu Jun 03, 2010 10:34 am

Hello guys

Don't bother yourself, Mikrotik is hackable. In my area the ISP is using Mikrotik RouterOS v4.9, and to access the internet there's HotSpot and PPPoE, and they are using the extreme ways from hacking but it won't work. I can get user/password and its MAC and IP. Today the methods of hacking have become so many that no one can control hackers, and the ultimate solution to prevent hacking is to unplug your cable from the LAN or disconnect your PC from the network!!!
Hacking MikroTik is possible

RB750 V6.12 , RBSXT 5HnD V6.12

normis
MikroTik Support
 
Posts: 19266
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Hacking Hotspot

by normis » Thu Jun 03, 2010 10:37 am

PPPoE


if properly configured, I doubt you will be able to hack it. Admin usually is at fault :)
No answer to your question? How to write posts

ahang
Frequent Visitor
 
Posts: 55
Joined: Tue Apr 06, 2010 1:16 am
Location: 127.0.0.1

Re: Hacking Hotspot

by ahang » Thu Jun 03, 2010 10:41 am

normis wrote:if properly configured, I doubt you will be able to hack it. Admin usually is at fault :)


OK, what is the best secure way for users in Mikrotik?

normis
MikroTik Support
 
Posts: 19266
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Hacking Hotspot

by normis » Thu Jun 03, 2010 10:46 am

1. Control the way people access your network. Is that a wired network? How did this person plug his cable into your network? Make sure to limit his opportunities. Is that a wireless network? Use WPA.

2. Use encrypted PPPoE on either type of network, don't use an address on the interface where PPPoE is running, configure the firewall to drop everything that is not supposed to be coming from the client.

3. Restrict communication between connected devices either by a managed switch or by wireless access list.

ahang
Frequent Visitor
 
Posts: 55
Joined: Tue Apr 06, 2010 1:16 am
Location: 127.0.0.1

Re: Hacking Hotspot

by ahang » Thu Jun 03, 2010 11:16 am

normis wrote: 1. Control the way people access your network. Is that a wired network? How did this person plug his cable into your network? Make sure to limit his opportunities. Is that a wireless network? Use WPA.

2. Use encrypted PPPoE on either type of network, don't use an address on the interface where PPPoE is running, configure the firewall to drop everything that is not supposed to be coming from the client.

3. Restrict communication between connected devices either by a managed switch or by wireless access list.



No no, I mean if you want to protect yourself from hacking you don't have to use the internet at all!!! :lol:

The encrypted PPPoE is ms-chap md5 v1 and ms-chap md5 v2; these two encrypted ways can be decrypted and it will take time.

And tell me more about that managed switch? You guys are talking about that pretty much.

Anyway, the language of hacking is different. Even if the Mikrotik has good security and all these encryptions and MAC & IP spoofing etc., it cannot consider some hackers' methods.

I'm quite sure that the Mikrotik has very good security; the beginner and amateur hackers can't do anything. Someone at an advanced level can do it. I can say there is 5% of exploit in Mikrotik, so you should be very skillful to take advantage of this 5%.

ether3al
newbie
 
Posts: 42
Joined: Tue Jan 19, 2010 4:23 am

Re: Hacking Hotspot

by ether3al » Thu Jun 10, 2010 4:34 am

Sounds like there is a need for a WIPs system!

We use AirDefence with policy based termination (wired and wireless) :)
