Community discussions

Search found 72 matches

by Dragonmen
Tue Nov 13, 2012 11:23 pm
Forum: General
Topic: PPPOE Server with many connections lags
Replies: 10
Views: 2508

Re: PPPOE Server with many connections lags

Before the router went into production it was troughly tested and there was no problem with bandwidth or latency. Bandwidth was full 1Gbit and latency was below 20, so this problem must be related either to many queues or many pppoe connections. Anyway, it's solved by replacing mikrotik with plain l...
by Dragonmen
Mon Mar 09, 2009 10:10 pm
Forum: General
Topic: could not connect to console, try rebooting the router
Replies: 6
Views: 1470

Re: could not connect to console, try rebooting the router

im on 3.17 x86 and seeing this as well: "could not connect to console, try rebooting the router" Whats the deal ? Uptime is 69d, just started a few moments ago. Cannot ssh into the box, or even open up terminal within winbox. cpu load also shows 100% now ... ouch! anyone have any ideas ? Reboot the...
by Dragonmen
Mon Mar 09, 2009 9:42 pm
Forum: Scripting
Topic: Disconnecting the users with bad signal [2.9.X - 3.0.X]
Replies: 9
Views: 4396

Re: Disconnecting the users with bad signal [2.9.X - 3.0.X]

The script works differently than that rule.
The user with bad signal experience something like this:
5 minutes of blocking the wireless with deny packet, then 5 minutes of working wireless.
You can always see in the access list the clients that have been rejected becouse of the bad signal.
by Dragonmen
Sat Nov 22, 2008 11:16 am
Forum: Wireless Networking
Topic: This question is Awesome!
Replies: 13
Views: 2070

Re: This question is Awesome!

I would ban him if he writes something like that on my forum...
by Dragonmen
Fri Nov 21, 2008 11:10 am
Forum: Wireless Networking
Topic: This question is Awesome!
Replies: 13
Views: 2070

Re: This question is Awesome!

roc-noc has the point...
by Dragonmen
Thu Nov 20, 2008 12:08 pm
Forum: Wireless Networking
Topic: This question is Awesome!
Replies: 13
Views: 2070

Re: This question is Awesome!

he will use sectors, so the mentioned problems should not exist. As far as I understand, using 3 RBs is to decrease load per machine. He wrote the question very unclearly, not the mention the topic name. More detailed info would bring better answer. BTW, the problem exist with sectors if there are ...
by Dragonmen
Thu Nov 20, 2008 10:44 am
Forum: Wireless Networking
Topic: This question is Awesome!
Replies: 13
Views: 2070

Re: This question is Awesome!

If i understood well, you want to put 3 omni antennas instead of one, on the same place with on 3 RB? First of all, why not one Routerboard instead of 3? Second, i don't recommend same SSID but different ones (like "ssid1", "ssid2", "ssid3") becouse if you have the same SSID you may have a problem w...
by Dragonmen
Tue Nov 18, 2008 12:57 pm
Forum: RouterBOARD hardware
Topic: 802.11n
Replies: 26
Views: 12620

Re: 802.11n

From the test of 802.11n AP and 802.11n client which consisted of combination of D-Link DWA-547 PCI wireless card and Linksys WRT160N device i have next results: - PCI card (client) connected to AP (Linksys,DD-WRT) have greater troughput than Linksys-Linksys, and it's about 67 mbit in perfect condit...
by Dragonmen
Mon Nov 10, 2008 11:38 am
Forum: RouterBOARD hardware
Topic: 802.11n
Replies: 26
Views: 12620

Re: 802.11n

There, however aren't any 802.11N AP based on PC with PCI/PCIe card on linux. that's why you need MikroTik :) - clients MikroTik, Windows, MacOS - APs MikroTik That's true... Not mentioning the fact that N AP/Clients in MT would probalby work much better and stable than other platforms. I wish for ...
by Dragonmen
Mon Nov 10, 2008 11:00 am
Forum: RouterBOARD hardware
Topic: 802.11n
Replies: 26
Views: 12620

Re: 802.11n

not true. we don't use madwifi or any other linux driver for wireless. 802.11n is already in testing for a long time, so it will be ready soon P.S.: all laptops now come with N cards, and there are tons of N APs too. They work great. If the driver will be added to MT soon - that's great. There, how...
by Dragonmen
Fri Nov 07, 2008 10:48 am
Forum: RouterBOARD hardware
Topic: 802.11n
Replies: 26
Views: 12620

Re: 802.11n

With the amount of hints that have been being dropped recently, N support would not suprise me. I highly doubt that. 802.11N (not legacy abg modes) cards are simply not ready and not working in madwifi drivers, which means in linux also. And MT is, as we all know, based on linux. I still never saw ...
by Dragonmen
Thu Nov 06, 2008 8:22 pm
Forum: RouterBOARD hardware
Topic: 802.11n
Replies: 26
Views: 12620

Re: 802.11n

Means probalby there's some error becouse AR5213 does not support N, and MT does not even support N cards in legacy modes (abg/bg).
by Dragonmen
Thu Nov 06, 2008 12:44 am
Forum: RouterBOARD hardware
Topic: 802.11n
Replies: 26
Views: 12620

Re: 802.11n

But we need all the good stuff, that's what makes MikroTik boards, MikroTik boards. Does anyone or has anyone heard when they will be releasing a new board that is 802.11n compatible and has all the good stuff? The term "compatible board with 802.11n" does not exist. Every board can work with 802.1...
by Dragonmen
Mon Oct 27, 2008 9:02 am
Forum: Scripting
Topic: Disconnecting the users with bad signal [2.9.X - 3.0.X]
Replies: 9
Views: 4396

Re: Disconnecting the users with bad signal [2.9.X]

Here's "enhanced" version (sorry for waiting so long): How it works: This means if minthreshold is 75 and maxthreshold is 90, the clients with signals between -70 and -90 will get blocked. Are you sure ? That means nobody can be connected! Yes i am sure and i tested it. ONLY the signals between -75...
by Dragonmen
Sat Oct 25, 2008 3:56 pm
Forum: Scripting
Topic: Disconnecting the users with bad signal [2.9.X - 3.0.X]
Replies: 9
Views: 4396

Re: Disconnecting the users with bad signal [2.9.X]

Here's "enhanced" version (sorry for waiting so long): How it works: The settings "minthreshold" is minimum signal and "maxthreashold" is maximum signal that will get blocked. This means if minthreshold is 75 and maxthreshold is 90, the clients with signals between -75 and -90 will get blocked. If y...
by Dragonmen
Tue Sep 09, 2008 9:40 am
Forum: General
Topic: MicroTik RouterOS 3.13 SNMP write vulnirability
Replies: 37
Views: 12274

Re: MicroTik RouterOS 3.13 SNMP write vulnirability

As far as i can see, it works on all MT 3.X, but not on 2.X.
Comment said:
Vulnerable versions: 2.9.51 (2.9.x branch), 3.13 (3.x branch)
But it didn't work on 2.9.X i have been tested...
The program spoofs the source ip by using raw sockets.
by Dragonmen
Fri Sep 05, 2008 11:04 am
Forum: General
Topic: could not connect to console, try rebooting the router
Replies: 6
Views: 1470

Re: could not connect to console, try rebooting the router

I checked every change from 3.0 to 3.13, and there is no fix for anything similiar. Since when has the changelog been complete? :-) Upgrading from 3.0 is still a good idea. There are many fixes, including updated firmware if you are using a Routerboard. I do not use RB, and the router is working pe...
by Dragonmen
Fri Sep 05, 2008 11:01 am
Forum: Beginner Basics
Topic: one lan 8 ip, how to
Replies: 7
Views: 2017

Re: one lan 8 ip, how to

I guess your customer needs public ip for vpn with 2 cisco routers, which in this case, the nat won't be possible (except double nat which complicates the things). Try to route public ip directly to the customer.
by Dragonmen
Fri Sep 05, 2008 10:51 am
Forum: General
Topic: could not connect to console, try rebooting the router
Replies: 6
Views: 1470

Re: could not connect to console, try rebooting the router

you should upgrade to v3.13, as 3.0 is quite old and probably has some console problems too I checked every change from 3.0 to 3.13, and there is no fix for anything similiar. There is also a couple of the posts here with almost same problem unsolved for ppl using 3.0rc6 - 3.9. On the next "stuck" ...
by Dragonmen
Fri Sep 05, 2008 10:28 am
Forum: General
Topic: could not connect to console, try rebooting the router
Replies: 6
Views: 1470

could not connect to console, try rebooting the router

MikroTik v3.0 Login: ***** Password: MMM MMM KKK TTTTTTTTTTT KKK MMMM MMMM KKK TTTTTTTTTTT KKK MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK ...
by Dragonmen
Fri Jul 18, 2008 1:49 pm
Forum: Beginner Basics
Topic: one lan 8 ip, how to
Replies: 7
Views: 2017

Re: one lan 8 ip, how to

The real question is if your customer really need public address on his comp or he just need an traffic to be passed to his local ip. Most likely, the second alternative is enough, in which case you just need to nat the the 192.168.0.x ip of one of the public ips to his ip, so he will get the traffi...
by Dragonmen
Fri Jul 18, 2008 1:41 pm
Forum: General
Topic: Extracting information from mirkotik
Replies: 4
Views: 824

Re: Extracting information from mirkotik

I suggest using the telnet to retrieve the info you need if the SNMP info isn't enough for you.
by Dragonmen
Fri Jul 18, 2008 12:48 pm
Forum: General
Topic: Easiest way to block an IP
Replies: 4
Views: 885

Re: Easiest way to block an IP

Do in the console
/ip firewall export
by Dragonmen
Sat Jul 05, 2008 12:18 pm
Forum: Wireless Networking
Topic: why are sectors so expensive compared 2 omnis?
Replies: 28
Views: 4196

Re: why are sectors so expensive compared 2 omnis?

@JR: Sector info: http://www.reinkjet.co.yu/proizvodi_antene.html Sector picture and some basic info: http://www.pakom.com/KatalogProizvoda/OpisProizvoda.aspx?sifra=9007888 , price is 4295 din or 52 EUR @-headstrong-: Cable loss calculator: http://www.timesmicrowave.com/cgi-bin/calculate.pl Don't se...
by Dragonmen
Fri Jul 04, 2008 4:55 pm
Forum: Wireless Networking
Topic: why are sectors so expensive compared 2 omnis?
Replies: 28
Views: 4196

Re: why are sectors so expensive compared 2 omnis?

We use TL-WN551G and TL-WN651G (atheros chipset).
Card very rarely got stuck (in worst case once in 3 months, most of them never got stuck) so you need to disable/enable it, no other issues.
It's also cheap for atheros card.
by Dragonmen
Fri Jul 04, 2008 2:25 pm
Forum: Wireless Networking
Topic: why are sectors so expensive compared 2 omnis?
Replies: 28
Views: 4196

Re: why are sectors so expensive compared 2 omnis?

ATM we have 158 client APs excluding bridges. Mikrotik AP's are connected to NOC with 5GHz links using Hypergrid antennas (we also manufacturing 5GHz and 2.4GHz grid and sector antennas). For the active equipment we use CM9 cards (any CM9 series) on the both sides of bridge connections. For AP cards...
by Dragonmen
Fri Jul 04, 2008 2:15 pm
Forum: General
Topic: I need help with Routing challenge
Replies: 6
Views: 1065

Re: I need help with Routing challenge

You can host DNS server for the zones you have in your 6-mbit network (dns queries take very little bw) and when the 2mbit link fail you need to change the dns records. The problem is that you need very small TTL which will increase DNS load but it will allow you to change records quicky. You still ...
by Dragonmen
Fri Jul 04, 2008 11:03 am
Forum: General
Topic: I need help with Routing challenge
Replies: 6
Views: 1065

Re: I need help with Routing challenge

Generally, there is not enough info in your request, and here's few facts: 1. As you already said, you can have MX records with different priority for this, but for other (A) records, for example, you can have multiple records pointing to other ip addresses but you will have load-balacing this way a...
by Dragonmen
Fri Jul 04, 2008 10:37 am
Forum: Wireless Networking
Topic: why are sectors so expensive compared 2 omnis?
Replies: 28
Views: 4196

Re: why are sectors so expensive compared 2 omnis?

Main advantage (especially in urban areas) is that 5.8GHz have MUCH less interference, and even if it have some, it's probalby weaker than 2.4 Ghz as the amps and equipment are more expensive. In my city i have better link on 5Ghz with -77 signal than on 2.4Ghz with -48. So, basically, you can have ...
by Dragonmen
Thu Jun 26, 2008 9:38 am
Forum: General
Topic: updated porn site and virus port block list?
Replies: 16
Views: 5044

Re: updated porn site and virus port block list?

You mean bug me when you stuck? :) As i already said you might have alot of problems with setting up tproxy, but it really works for me and i don't have side effects like some other ppl. Anyway, i advise you follow this tutorial: http://fuzzylab00net.blog.dada.net/post/413913/Squid-2.6-+-tproxy-+-br...
by Dragonmen
Thu Jun 26, 2008 9:32 am
Forum: Scripting
Topic: Variables in a script
Replies: 14
Views: 2911

Re: Variables in a script

It wasn't my strong point either, i barely pass it in the school.
But i like programming.
by Dragonmen
Wed Jun 25, 2008 10:07 am
Forum: Scripting
Topic: Variables in a script
Replies: 14
Views: 2911

Re: Variables in a script

Good it's fixed.

You can also write that as
:if ($bytestotal > 999999999999999999) do={ :set bytestotal 0 }
by Dragonmen
Tue Jun 24, 2008 9:54 am
Forum: General
Topic: updated porn site and virus port block list?
Replies: 16
Views: 5044

Re: updated porn site and virus port block list?

Sorry, Hilton, you can't use proxy authentication in transparent mode. For the bandwidth usage you can use some of the squid log analyzers to see how much traffic uses which ip address, if that satisfies you. This logs (access logs) can be quite huge, especially if you have many clients. For the ban...
by Dragonmen
Tue Jun 24, 2008 9:52 am
Forum: Scripting
Topic: Variables in a script
Replies: 14
Views: 2911

Re: Variables in a script

Can you provide that script?
I don't see you posted it?
by Dragonmen
Sat Jun 21, 2008 2:01 pm
Forum: Scripting
Topic: Variables in a script
Replies: 14
Views: 2911

Re: Variables in a script

Hi dada

I've seen the :len argument several times but can't quite figure out what it does and the usermanual doesn't help me either. Could you give me a short description?

Many thanks, G
Returns string length, like strlen() command in C.
Example:
[admin@MikroTik] > :put [:len "abcd"] 
4
by Dragonmen
Sat Jun 21, 2008 1:04 pm
Forum: Scripting
Topic: Moving Static Queue Above Dynamic Queues
Replies: 59
Views: 27400

Re: Moving Static Queue Above Dynamic Queues

Latest version (3.10) simple script: /queue simple move [find name="queue1"] 0 Checked all possible ways to execute it ( from terminal, scheduler, netwatch etc.) It works! This does not work with dynamic queues created by user-manager or hotspot. The script cannot move "queue1" above any dynamic qu...
by Dragonmen
Fri Jun 20, 2008 1:06 pm
Forum: Scripting
Topic: Moving Static Queue Above Dynamic Queues
Replies: 59
Views: 27400

Re: Moving Static Queue Above Dynamic Queues

No, the script above don't work if you make script out of it, it work just in console, since you can't print in the script but only in console so it won't work.
As i said it can't be done afaik.
by Dragonmen
Fri Jun 20, 2008 12:54 pm
Forum: Scripting
Topic: Disconnecting the users with bad signal [2.9.X - 3.0.X]
Replies: 9
Views: 4396

Re: Disconnecting the users with bad signal [2.9.X]

Yes it is possible.
The scripts needs a few more line to be perfect!
If the people want it i will do it.

@xakou:
remove
:log info "Removing disabled clients"; :foreach i in=[/interface wireless access-list find comment="badsignal"] do={ /interface wireless access-list remove $i }
by Dragonmen
Fri Jun 20, 2008 10:35 am
Forum: General
Topic: updated porn site and virus port block list?
Replies: 16
Views: 5044

Re: updated porn site and virus port block list?

Squid box can work on transparent bridge which passes the original input ip to output interface (so-called spoofing) using the tproxy method. We have few thousands of customers passing to the internet this way (LAN->SQUID->MT->INTERNET). but does this allow you to enforce simple queues as well to m...
by Dragonmen
Thu Jun 19, 2008 2:20 pm
Forum: General
Topic: MikroTik RouterOS simulator
Replies: 3
Views: 6874

Re: MikroTik RouterOS simulator

No need for simulator, you can run ros in virtual machine like vmware or bochs (free), and as mt requires only 32mb memory and very low amount of cpu to run you can run it in many instances. Multiple cores/more mem will help if you want to run alot of instances (like 30).
by Dragonmen
Thu Jun 19, 2008 1:50 pm
Forum: General
Topic: updated porn site and virus port block list?
Replies: 16
Views: 5044

Re: updated porn site and virus port block list?

Squid box can work on transparent bridge which passes the original input ip to output interface (so-called spoofing) using the tproxy method. We have few thousands of customers passing to the internet this way (LAN->SQUID->MT->INTERNET).
by Dragonmen
Thu Jun 19, 2008 1:39 pm
Forum: General
Topic: Mikrotik 3 API quote problem
Replies: 0
Views: 478

Mikrotik 3 API quote problem

I have a problem with sending the sentence which contained quoted word. When i send any sentence with unquoted word it passes, but the quoted word don't. The format is correct, and it seems like MT3 bug. For example, i can send this: /interface address add address=192.168.1.1/24 interface=ether1 and...
by Dragonmen
Fri Jun 13, 2008 3:50 pm
Forum: General
Topic: MikroTik API consultants wanted
Replies: 11
Views: 2841

Re: MikroTik API consultants wanted

You can count me too for both Delphi and PHP. I already have API developed in PHP that my ISP is using to communicate with routers. I also already have Telnet based communication (for ROS < 3.0) in PHP and Delphi that we used for years. Dunno if this means beign put to global list (http://www.mikrot...
by Dragonmen
Sat Mar 29, 2008 12:13 pm
Forum: The Dude
Topic: The DUDE version 7 question
Replies: 5
Views: 2409

Re: The DUDE version 7 question

Change the NIC or turn off "Checksum offloading".
That helped my problem.
by Dragonmen
Thu Mar 20, 2008 2:24 pm
Forum: General
Topic: New proxy
Replies: 16
Views: 1946

Re: New proxy

Why not using the separate machine for proxy and reduce the load on router?
Surely the separate machine with squid can run faster than the ROS's integrated proxy and you'll have many, many more features.
Do not use 3.0 branch (yet) as it is slower than 2.X and more buggy.
by Dragonmen
Fri Jan 11, 2008 11:05 am
Forum: General
Topic: Routing packets stops randomly with conn tracking off
Replies: 4
Views: 1659

Re: Routing packets stops randomly with conn tracking off

If you're using NAT, you must have conntracking on.
Same thing will happen with 2.9.X.
by Dragonmen
Fri Jan 11, 2008 11:01 am
Forum: General
Topic: Net:NAPI method
Replies: 0
Views: 1223

Net:NAPI method

I would like to know if the Net:NAPI method (dev->poll()) will be in final 3.0 (or later) for the NICs that supports it.
This will help alot in decreasing CPU usage on busy Mikrotik routers.
by Dragonmen
Thu Dec 13, 2007 11:31 am
Forum: Scripting
Topic: can someone look at this?
Replies: 9
Views: 2388

Re: can someone look at this?

but it seems to do the scan on it's own. I don't think it is loosing connection, just scanning for better signal, notice our main AP always satisfies strongest signal and is chosen.?
Check for "fake ap" someone might put to spoof your traffic.
by Dragonmen
Wed Dec 12, 2007 10:37 am
Forum: Scripting
Topic: Automated blocking of IP addresses
Replies: 12
Views: 17871

Re: Automated blocking of IP addresses

Access-lists can only be used with wireless interfaces... My router has no wireless interfaces. Public interface, DMZ interface and LAN interface (all wires) On WAN i have static IP addresses and my log's are full of failed login attempts from the same IP address for hours.... I can't block remote ...
by Dragonmen
Wed Dec 12, 2007 9:32 am
Forum: Scripting
Topic: Automated blocking of IP addresses
Replies: 12
Views: 17871

Re: Automated blocking of IP addresses

My recommendation is to block the ports for router access in the input chain and allow connection to these port only by your ip address (or range) - this will prevent possible router hacking.
The ports are: 21,22,23,80,8291 all tcp.
by Dragonmen
Wed Dec 12, 2007 12:19 am
Forum: Scripting
Topic: Script using ping, please help?
Replies: 5
Views: 2032

Re: Script using ping, please help?

only thing that matters is - does it fail or not.
Oh, how sad... :( Cannot implement a dynamic QoS script based on clients latency in a wireless AP. Too bad.
IMO ack timeout is more reliable pointer than ping (what is there is too much traffic that chokes the connection?).
by Dragonmen
Tue Dec 11, 2007 9:26 am
Forum: Scripting
Topic: can someone look at this?
Replies: 9
Views: 2388

Re: can someone look at this?

This is a screen shot of my logs from my Mikrotik device, its obviosly scanning for best signal but, why? I have played around with (no radar detect) and it didn't seem to change results. I have a lot of devices that do this, is this periodic calibration? Thanks for the help p.s the SSID this devic...
by Dragonmen
Mon Dec 10, 2007 3:40 pm
Forum: Scripting
Topic: Change Band on Wifi?
Replies: 4
Views: 1739

Re: Change Band on Wifi?

I know but, it is a backbone link, only between two MT's. The script can work this way (dunno if it's satisfy you): 1. Sheduler execute it and checks for signal, if it's too low, it change the channel to next one available 2. Wait xxx mins/secs (no less than, let's say 5 secs becouse wireless link ...
by Dragonmen
Mon Dec 10, 2007 11:19 am
Forum: Scripting
Topic: Change Band on Wifi?
Replies: 4
Views: 1739

Re: Change Band on Wifi?

Is there a script that would change the band/channel when the threshold goes below the limit? I mean we have a backbone link which is surrounded by other networks and the noise is pretty constant, but, sometimes it is just on one channel or on four channels etc. I would like a script to modify the ...
by Dragonmen
Sun Dec 09, 2007 12:05 am
Forum: Scripting
Topic: Moving Static Queue Above Dynamic Queues
Replies: 59
Views: 27400

Re: Moving Static Queue Above Dynamic Queues

RC = not totally stable version (is there sucha thing anyway?) so i don't recommend using it in production environment
by Dragonmen
Sat Dec 08, 2007 2:23 pm
Forum: Scripting
Topic: why this script does work? who can help me
Replies: 5
Views: 2033

Re: why this script does work? who can help me

Cleaned from bad syntax (you have more than those 2 mentioned above): :local new-address :local status :local x :set x 2 :for i from=1 to=$x do={ :set status [/interface get [/interface find name="ppoe"] running] :if ($status=true) do={ :set new-address [/ip address get [/ip address find dynamic=yes...
by Dragonmen
Sat Dec 08, 2007 12:07 pm
Forum: Scripting
Topic: Disconnecting the users with bad signal [2.9.X - 3.0.X]
Replies: 9
Views: 4396

Disconnecting the users with bad signal [2.9.X - 3.0.X]

YOU WANT IT - YOU GOT IT 8) Small manual: Install - click system->scripts, click "+", enter in the name whatevery you want (like signallimiter), click ok, done! http://i1.tinypic.com/6z42kbr.jpg You must have sheduler if you don't want to manually run the rule. Just make new system->shedule rule and...
by Dragonmen
Fri Dec 07, 2007 9:49 am
Forum: The Dude
Topic: The DUDE version 7 question
Replies: 5
Views: 2409

Re: The DUDE version 7 question

I have upgraded to version 7 on Dude server. I have a directly connected p.c. that is able to access fine. I have another p.c that uses remote connection, works fine. I have device on the network(mikrotik client) same IP block as The Dude server and when it connects to Dude it says(getting stuff) i...
by Dragonmen
Tue Dec 04, 2007 10:08 am
Forum: Scripting
Topic: Moving Static Queue Above Dynamic Queues
Replies: 59
Views: 27400

Re: Moving Static Queue Above Dynamic Queues

Tried everything some time ago, but i did not suceed.
I think it can't be done.
by Dragonmen
Tue Dec 04, 2007 10:03 am
Forum: Scripting
Topic: Hide your MAC Address from hackers ??how how how please???
Replies: 21
Views: 7788

Re: Hide your MAC Address from hackers ??how how how please???

If i'm right srmed2000 is using hotspot to authenticate wireless users via mac so hacker uses their mac to steal their internet. Well, if that's the case, there's almost nothing you can do about these hacks becouse you can't differ ppl that is cloning mac address from regular ppl. Sure, you can use ...
by Dragonmen
Mon Nov 26, 2007 1:26 pm
Forum: Scripting
Topic: Can anybody help my script about auto change the pppoe IP
Replies: 4
Views: 1189

Re: Can anybody help my script about auto change the pppoe IP

I had got the answer for this case.

Simple and effect!
Will you share it with us ?
by Dragonmen
Mon Nov 26, 2007 12:09 pm
Forum: Scripting
Topic: Can anybody help my script about auto change the pppoe IP
Replies: 4
Views: 1189

Re: Can anybody help my script about auto change the pppoe IP

source ip route?
you mean source ip nat?
Did you tried "masquerade"?
by Dragonmen
Thu Nov 22, 2007 10:51 am
Forum: Scripting
Topic: Customer with Virus "Port Blocking"
Replies: 13
Views: 6766

Re: Customer with Virus "Port Blocking"

It's kinda hard to track all the rules by looking at the exports. As far as i can see you need to move 2 rules you added to the top in the forw2ard chain (the spammers one). All they do is adding the abuse of port 25 to some host and drop it in the next rule so they cannot affect other "normal" rule...
by Dragonmen
Wed Nov 21, 2007 10:00 am
Forum: Scripting
Topic: How to disable interface via SNMP/Telnet/ssh
Replies: 1
Views: 1155

Re: How to disable interface via SNMP/Telnet/ssh

Can I disable/change status/Speed of an interface with snmp?

Cheers
Well, you need first to know the OID of the interface which you want to set, you can find it with oid/mib browser tools.
I'm not sure but i think the ROS uses SNMP requests read-only.
by Dragonmen
Wed Nov 21, 2007 9:53 am
Forum: Scripting
Topic: Customer with Virus "Port Blocking"
Replies: 13
Views: 6766

Re: Customer with Virus "Port Blocking"

That looks like a great one, but I’m concerned that I have placed it in the wrong place in my firewall rules! I’m not even confident that any of my rules are in the correct order! I might have to resort to having to pay someone to look it over, unless someone here would be willing to look it over t...
by Dragonmen
Thu Nov 15, 2007 2:00 pm
Forum: Scripting
Topic: send update of dynamically assigned ip address to web https
Replies: 1
Views: 871

Re: send update of dynamically assigned ip address to web https

[quote="superrouter"]hello I need to send an update of a dynamically assigned ip address from a pppoe connection to a web https link. i.e. https://updates.opendns.com/nic/update?196.22.33.44 I am useless at scripting and would really appreciate if someone could help me with this. Regards[/quote] ROS...
by Dragonmen
Wed Nov 14, 2007 12:35 pm
Forum: Scripting
Topic: DoS attack or DDos attack Routeros How to do ?
Replies: 17
Views: 25975

Re: DoS attack or DDos attack Routeros How to do ?

[quote="cavital"][quote="Dragonmen"]/ip firewall filter add chain=forward protocol=tcp tcp-flags=syn connection-state=new action=jump jump-target=SYN-Protect comment="SYN Flood protect" disabled=yes /ip firewall filter add chain=SYN-Protect protocol=tcp tcp-flags=syn limit=400,5 connection-state=new...
by Dragonmen
Wed Nov 14, 2007 12:31 pm
Forum: Scripting
Topic: Hotspot authentication issue
Replies: 2
Views: 929

Re: Hotspot authentication issue

Why not just make another hotspot on AP2?
by Dragonmen
Wed Nov 14, 2007 12:04 pm
Forum: Scripting
Topic: Detect and drop or redirect clients with viruses
Replies: 5
Views: 3081

Re: Detect and drop or redirect clients with viruses

Nice idea, however, the biggest problem is in the detecting the infected client. The only way i know so far is that some trojans/viruses sends huge amount of emails (probalby used as the spam relay) which can be detected. For the other ways i dunno how to be sure. Common trojan ports can be changed ...
by Dragonmen
Wed Oct 31, 2007 12:46 pm
Forum: Scripting
Topic: DoS attack or DDos attack Routeros How to do ?
Replies: 17
Views: 25975

Re: DoS attack or DDos attack Routeros How to do ?

/ip firewall filter add chain=forward protocol=tcp tcp-flags=syn connection-state=new action=jump jump-target=SYN-Protect comment="SYN Flood protect" disabled=yes /ip firewall filter add chain=SYN-Protect protocol=tcp tcp-flags=syn limit=400,5 connection-state=new action=accept comment="" disabled=n...
by Dragonmen
Wed Oct 31, 2007 12:38 pm
Forum: Scripting
Topic: P2P server block
Replies: 1
Views: 1227

P2P server block

This will create P2P chain with emule and bittorrent drops for current actual servers. May be useful. [code]/ip firewall filter add chain=P2P dst-address=85.17.52.92/32 action=drop comment="EMULE server drop" disabled=no /ip firewall filter add chain=P2P dst-address=82.130.102.161/32 action=drop com...
by Dragonmen
Thu Jan 19, 2006 1:03 pm
Forum: Wireless Networking
Topic: Wisp setup and suggestion
Replies: 12
Views: 3570

You need an additional card for the AP. I suggest cards based on Atheros 5212 chipset. You can turn wifi card in Mikrotik to AP mode in interface settings. On the other side the distance of 50m is too much. For this case u should move your mikrotik router much closes (as much as you can) to the ante...