Community discussions

MikroTik App

Search found 51 matches

by libyatik
Thu Aug 24, 2017 2:15 am
Forum: General
Topic: Unable to paste byte 0
Replies: 7
Views: 1773

Re: Unable to paste byte 0

I connect using winbox version 3.11 with a ethernet cable in port 3 of the Mikrotik RB201 with base config running version 6.23. When I copy from notepad I can only paste in a max of 10 lines into terminal. If I try to do more than 10 lines none of the config is applied and I get booted out of the ...
by libyatik
Tue Aug 22, 2017 7:13 pm
Forum: General
Topic: Google Chrome crashes when I enter settings
Replies: 2
Views: 923

Re: Google Chrome crashes when I enter settings

reinstall
by libyatik
Tue Aug 22, 2017 6:02 pm
Forum: General
Topic: Unknown traffic on WAN interface
Replies: 3
Views: 1531

Re: Unknown traffic on WAN interface

drop port 8000 wan
by libyatik
Tue Aug 22, 2017 5:55 pm
Forum: General
Topic: ddns through dsl modem
Replies: 10
Views: 3220

Re: ddns through dsl modem

wan ip adsl.jpg I checked my ip address on the adsl wan port and I think it is a private ip (pvc4 is the working one and its ip in range 10.0.0.0) and thus I guess I am behind a nat source from the isp. I asked them if I can be directly connected through public ip address and they are checking it. ...
by libyatik
Sun Aug 20, 2017 10:20 pm
Forum: General
Topic: ddns through dsl modem
Replies: 10
Views: 3220

Re: ddns through dsl modem

I disabled the firewall on the modem also and tried; no result.
http://www.tp-link.com/us/faq-72.html
by libyatik
Sun Aug 20, 2017 5:24 pm
Forum: General
Topic: How to stop ma scanners
Replies: 17
Views: 4590

Re: How to stop ma scanners

a hacker must scan a network to collect macs here is where the prevention acts (!=packets sniffing)
Nope. All you have to do is receive. If you never transmit, there is no way to detect it.
that statement holds true in traffic sniffing not network scans where its all request and response
by libyatik
Sun Aug 20, 2017 2:24 am
Forum: General
Topic: Detecting 2 devices with the same mac on mikrotik networks
Replies: 0
Views: 680

Detecting 2 devices with the same mac on mikrotik networks

this page will resolve the mac spoofing process after a spoof is successful (mac cookie off and short ide times network) i have several ideas to detect 2 devices using the same mac using a mikrotik server only 1-packet response trap method : two devices with the same mac and ip will generate a doubl...
by libyatik
Sun Aug 20, 2017 1:47 am
Forum: General
Topic: How to stop ma scanners
Replies: 17
Views: 4590

Re: How to stop ma scanners

There is no way to tell the difference between legitimate users and users spoofing MAC addresses of legitimate users, same for IP addresses. Scanning MAC addresses of legitimate users can be done passively, no way to tell that someone is doing that. the filter works before the spoof happens a hacke...
by libyatik
Sat Aug 19, 2017 11:57 pm
Forum: General
Topic: Internet starts working after i do IP Scan
Replies: 34
Views: 7265

Re: Internet starts working after i do IP Scan

arp poisoning attack may been done on your network while scaning the network an arp sweep is done to determine which mac have which ip when your device updates its arp table the connection is done check if you have any network software on your device or network devices that is broadcasting arp packets
by libyatik
Sat Aug 19, 2017 11:49 pm
Forum: General
Topic: How to stop ma scanners
Replies: 17
Views: 4590

Re: How to stop ma scanners

Sorry libyatik you lack the basic understanding of the problem and your solution is not a solution. Banning MAC addresses is going to lock out your paying users alongside with the attackers.... NOT a solution. the ban process is for scanners not network legit users (firewall filter) and its not a p...
by libyatik
Sat Aug 19, 2017 2:42 pm
Forum: General
Topic: How to stop ma scanners
Replies: 17
Views: 4590

Re: How to stop ma scanners

deal with the root reason which is network arp sweeps and icmp scans to reveal the connected macs
if you blocked the scan process then you solve the root of this problem,
by libyatik
Sat Aug 19, 2017 4:59 am
Forum: General
Topic: Unable to paste byte 0
Replies: 7
Views: 1773

Re: Unable to paste byte 0

update winbox - device - and retest
by libyatik
Sat Aug 19, 2017 4:51 am
Forum: General
Topic: ddns through dsl modem
Replies: 10
Views: 3220

Re: ddns through dsl modem

dsl modems have firewall rules on the wan side you need to configure it to allow remote connections through this can be a risk or you might be behind an isp nat
by libyatik
Sat Aug 19, 2017 4:48 am
Forum: General
Topic: PCC load balancing problem
Replies: 8
Views: 4525

Re: PCC load balancing problem

pcc will dispatch connections between wans but will Not combine the speeds in 15mbps thats another story
by libyatik
Sat Aug 19, 2017 4:30 am
Forum: General
Topic: Does this violate RFC?
Replies: 26
Views: 6618

Re: Does this violate RFC?

yes you did break RFC
review this paper
https://tools.ietf.org/html/rfc4343
by libyatik
Sat Aug 19, 2017 4:16 am
Forum: General
Topic: How to stop ma scanners
Replies: 17
Views: 4590

Re: How to stop ma scanners

detect netcut users /ip firewall layer7-protocol add name=detect regexp="^.+(arcai.com|netCut)" /ip firewall mangle add action=add-src-to-address-list address-list=netcutuser address-list-timeout=3d chain=prerouting layer7-protocol=detect and ban their macs on dhcp and bridge firewall with...
by libyatik
Fri Aug 18, 2017 6:00 pm
Forum: General
Topic: multi wan load balance connections per one dst-address
Replies: 2
Views: 1120

Re: multi wan load balance connections per one dst-address

I think that this is what you are looking for: https://wiki.mikrotik.com/wiki/Manual:PCC will pcc merge connections of multi wan to a dst-address and support opening of multiple simultaneous download streams based on dst-address connection count? 20 mbps dsl and a 20 mbps dsl don't combine the spee...
by libyatik
Fri Aug 18, 2017 5:05 pm
Forum: General
Topic: multi wan load balance connections per one dst-address
Replies: 2
Views: 1120

multi wan load balance connections per one dst-address

(example of concept) when opening new connections to a server that accepts 20 connections mikrotik will count 10 new opened connections to the dst ip then {route ,(redirect)} the other 10 to the second wan this will increase download speed by factor of wan1+wan2 (combined wans ) --------------------...
by libyatik
Tue Aug 08, 2017 10:19 am
Forum: General
Topic: can i 1 to 1 nat all dhcp to 1 ip (hotspot)
Replies: 0
Views: 613

can i 1 to 1 nat all dhcp to 1 ip (hotspot)

-------------------?
by libyatik
Tue Aug 08, 2017 8:46 am
Forum: General
Topic: global speed limit for shared users (hotspot)[mikrotik support]
Replies: 0
Views: 682

global speed limit for shared users (hotspot)[mikrotik support]

hello all how to set a global speed limit for multi users on the same hotspot user(shared users) a login set at 1024 up/down link with a shared users of three for each user will get the 1024 limit thats 3072 up/down and thats the issue how to set a limit at 1024 global speed for all to share (create...
by libyatik
Sun Aug 06, 2017 1:48 pm
Forum: General
Topic: block arp broadcast sweep in bridge firewall
Replies: 2
Views: 1973

block arp broadcast sweep in bridge firewall

this is not working
how to block arp responses (reply) from clients to clients ?
by libyatik
Sat Aug 05, 2017 1:51 am
Forum: Announcements
Topic: v6.40.1 [current]
Replies: 74
Views: 41515

Re: v6.40.1 [current]

Anyone have problem with ethernet link down and up? i see that after i upgrade 6.40 from 6.39.
i noticed the same thing
by libyatik
Wed Aug 02, 2017 2:35 pm
Forum: General
Topic: Client's browsing history and information
Replies: 4
Views: 2041

Re: Client's browsing history and information

https ماتقدر تاخد اي بيانات عن العميل لان مشفر
by libyatik
Mon Jul 31, 2017 2:23 pm
Forum: General
Topic: NO IP SCANNERS NOMORE{updated}
Replies: 5
Views: 4210

Re: NO IP SCANNERS NOMORE{updated}

UPDATE Counter measures can prevent these kind of scanning and spoofing with via network map apps 1-/8 pool with random ips and dhcp /32 netmask a large pool with random ips+ hotspot 1 to 1 nat is very hard to scan for a (novak apk one click hackers) random pool pic ex 11.54.203.33 11.188.234.11 11....
by libyatik
Mon Jul 31, 2017 3:39 am
Forum: General
Topic: NO IP SCANNERS NOMORE{updated}
Replies: 5
Views: 4210

Re: NO IP SCANNERS NOMORE{updated}

update
a switch rule i think can prevent the scan after detection but my switch chip not supporting any rule
need a tester
if true a script can add from scanner list to the switch rule table on block
by libyatik
Sun Jul 30, 2017 6:10 am
Forum: General
Topic: NO IP SCANNERS NOMORE{updated}
Replies: 5
Views: 4210

Re: NO IP SCANNERS NOMORE

Any testers? Share results.
NOT working in blocking part but the local to local scan detect is very accurate
by libyatik
Sat Jul 29, 2017 9:07 am
Forum: General
Topic: dhcp mac spoofing
Replies: 1
Views: 1230

Re: dhcp mac spoofing

by libyatik
Sat Jul 29, 2017 9:06 am
Forum: General
Topic: Mikrotik is very bad in network Solutions. why ?
Replies: 11
Views: 5769

Re: Mikrotik is very bad in network Solutions. why ?

viewtopic.php?f=2&t=124038
block ip scanner with no false alarms 100%
by libyatik
Sat Jul 29, 2017 4:35 am
Forum: General
Topic: NO IP SCANNERS NOMORE{updated}
Replies: 5
Views: 4210

NO IP SCANNERS NOMORE{updated}

DONE NO IP SCANNERS NO MORE FIREWALL RULES FIRST BEFORE EVEN HOTSPOT DEFAULT RULES =========================================================================================== /ip firewall filter add action=drop chain=output dst-address-list=Scanner src-address=local.lan.pool add action=jump chain=fo...
by libyatik
Wed Jul 26, 2017 8:23 am
Forum: General
Topic: Script to email dhcp server dymanic client leases
Replies: 1
Views: 1336

Re: Script to email dhcp server dymanic client leases

log dhcp leases only and send logs by email if the other logs not important at the moment
by libyatik
Tue Jul 25, 2017 1:43 pm
Forum: General
Topic: Mikrotik denial of service on low-end devices due to synflood resolved
Replies: 0
Views: 661

Mikrotik denial of service on low-end devices due to synflood resolved

TEST on : RB951Ui-2HnD ver 6.38.7 (Bugfix only) app used in attack : synflooder Version2 the app flooded the server ip on port 80 result cpu 100% and denial of service present during attack even with firewall filter on drop chain the cpu was on 100% only solution was to block the flooder ip on hotsp...
by libyatik
Tue Jul 25, 2017 12:34 pm
Forum: General
Topic: run a script on firewall addresse list add
Replies: 6
Views: 3087

Re: run a script on firewall addresse list add

goooooooooooot it { :local x :foreach i in=[/ip firewall address-list find list="flooder-list"] do={ :set x [/ip firewall address-list get value-name=address $i] ip hotspot ip-binding add address=$x type=blocked }} firewall rule for detection add action=add-src-to-address-list address-list...
by libyatik
Tue Jul 25, 2017 12:21 pm
Forum: General
Topic: run a script on firewall addresse list add
Replies: 6
Views: 3087

Re: run a script on firewall addresse list add

On rule detect the flood and add the address to the list detected. Then your script moves the IP to the list to block if is serious enough. An other rule uses the block address list to block the flooders. how to move the ip from firewall address list and store it in a variable then block it in ip h...
by libyatik
Tue Jul 25, 2017 11:48 am
Forum: General
Topic: run a script on firewall addresse list add
Replies: 6
Views: 3087

Re: run a script on firewall addresse list add

no help so far
the only thing i was able to do
{
:local x [/ip firewall address-list find list="doser" get $j address]
ip hotspot ip-binding add address=$x type=blocked
}
by libyatik
Tue Jul 25, 2017 9:36 am
Forum: General
Topic: run a script on firewall addresse list add
Replies: 6
Views: 3087

Re: run a script on firewall addresse list add

or how to script
ip hotspot host make-binding type=blocked
from
/ip firewall address-list
???
by libyatik
Tue Jul 25, 2017 4:03 am
Forum: General
Topic: mik--lan->ap--->repeater ap----->client( issues)
Replies: 3
Views: 1630

Re: mik--lan->ap--->repeater ap----->client( issues)

Mac address is layer 2. It is, if I understood correctly, only from router to router passed. For me, therefore, your network works. The router should only transmit its MAC address. Please refer: https://en.wikipedia.org/wiki/OSI_model Rosi thank you after testing this setup only one bug found : WHE...
by libyatik
Tue Jul 25, 2017 3:52 am
Forum: General
Topic: run a script on firewall addresse list add
Replies: 6
Views: 3087

run a script on firewall addresse list add

i use a firewall rule to detect flooders and even on drop chian the cpu goes up
i need to run script block dhcp ip lease and make binding and block mac on detection
manual blocking can not prevent this as the attacker can change mac to proceed
HOW TO RUN A SCRIPT ON EVENT FIREWALL LIST ADD ?
by libyatik
Mon Jul 24, 2017 3:10 am
Forum: General
Topic: mik--lan->ap--->repeater ap----->client( issues)
Replies: 3
Views: 1630

mik--lan->ap--->repeater ap----->client( issues)

my network uses hotspot on a first ap and a second repeater ap when client connects to main the client mac is shown but when client conects to the (repeater ap) the client mac is not shown and all clients who use (repeater ap) get the repeater mac on hotspot hosts list {ADDED A PIC} can this setup c...
by libyatik
Sat Jul 22, 2017 8:07 am
Forum: General
Topic: request (block certain range of mac addresses)
Replies: 0
Views: 659

request (block certain range of mac addresses)

i want to block a range of mac addresses not A list
#drop any packets from any device starting with 00: mac
...........................................................................................
by libyatik
Wed Jul 19, 2017 10:03 am
Forum: General
Topic: Hotspot client
Replies: 1
Views: 820

Re: Hotspot client

#something to start with (general explanation) to disconnect a user automatically from hotspot at a pre set time and let him/her reconnect without manual resting the uptime in user profile is tricky deleting the user dhcp lease when he/she online that will cause hotspot logout in seconds or binding ...
by libyatik
Tue Jul 18, 2017 7:33 pm
Forum: General
Topic: 40 mb bandwidth 200 user with router os on pc ?
Replies: 5
Views: 1599

Re: 40 mb bandwidth 200 user with router os on pc ?

if you use the compatible hardware then the answer is no
by libyatik
Tue Jul 18, 2017 8:22 am
Forum: General
Topic: STATIC LEASE (random testing)
Replies: 0
Views: 824

STATIC LEASE (random testing)

i found that making the dhcp lease static resolve lots of problems if a client is online and you have short lease time and long ide hotspot /server time the lease will be deleted on wifi disconnect and he/she will still be on hotspot hosts list on reloging a new lease will be given and 2 addresses f...
by libyatik
Sun Jul 16, 2017 9:24 pm
Forum: General
Topic: I THINK FASTTRACK IS BUGGED
Replies: 0
Views: 577

I THINK FASTTRACK IS BUGGED

i use an ap and a second repeater when i connect to the main ap all good the problem is in the repeater when using fasttrack rules the ping is fine but browsing is stuck not loading any site i did a lot of testing first i thought it was a repeater problem and i found that disabling or putting the FT...
by libyatik
Fri Jun 30, 2017 1:59 am
Forum: General
Topic: auto detecting and blocking devices causing rough dhcp
Replies: 2
Views: 4001

Re: auto detecting and blocking devices causing rough dhcp

after further testing the rough dhcp was not blocked
another method can be used to ban the ips of the rough on hotspot upon detection to cut internet usage
any idea can help
by libyatik
Thu Jun 29, 2017 8:22 am
Forum: General
Topic: auto detecting and blocking devices causing rough dhcp
Replies: 2
Views: 4001

auto detecting and blocking devices causing rough dhcp

hello all this is my setup to deal with rouge dhcp servers first run dhcp client on lan interface with (add default rout ,dns ,ntp) OFF then on dhcp alert use the lan interface and add this code :local mac $"mac-address" /ip dhcp-server lease add mac-address=$mac block-access=yes /ip dhcp-...
by libyatik
Thu Jun 29, 2017 5:33 am
Forum: Beginner Basics
Topic: Load balancing with manageable switch
Replies: 9
Views: 3465

Re: Load balancing with manageable switch

what you need is a router that support multihoming (protocol binding ) to get the max speed of 10
using other methods will only separate clients connections to reduce load
by libyatik
Thu Jun 29, 2017 5:05 am
Forum: Wireless Networking
Topic: Wirelles can over 25mb of Download
Replies: 17
Views: 7910

Re: Wirelles can over 25mb of Download

use fasttrack rules
by libyatik
Thu Jun 29, 2017 3:34 am
Forum: Beginner Basics
Topic: Expand router board ports.
Replies: 3
Views: 1003

Re: Expand router board ports.

YES you can
lan 1st mik to second mik wan
switch the second mik ports and done
OR just buy a switch