hello every one ..
i have a 5.25 pc mikrotik .. and there are a lot of annoying people who are trying to
log in to my hotspot with different usernames .. and it is really annoying .. and sometimes
they succeed in logging in .. so i will be thankful for you to offer any help
something like blocking any MAC address for 24hrs if it tried to log in more than 5-7 times without success …
thanks in advance
Logging in to what? the admin stuff?.. you really shouldn’t just have ports open to the world.
login to my hotspot .. i mean as a user .. u know
I use FreeRADIUS for my database, and it has a brute force login deterrent.. It allows the radius administrator to set a reject-delay value in the security section of the radiusd.conf file. The default value is 1. This means that only one request per user will be allowed per second, no matter how many are submitted during that second, all subsequent login requests during that second will be ignored.
The best way to discourage that is to require your users to use a password that is not guessable or simple. If a hacker is logging in with another user’s password without the user’s permission or knowledge, then the password was not complex enough or was broadcast in clear text over your wireless network. Do not use the pap login method unless you are using SSL on your hotspot login page.
I do not use SSL, but I do use chap, which encrypts the password only.
thank you “SurferTim” .. but i have the mikroik usermanager .. i was wondering if there are any rules to add in the firewall to manage such a thing … i mean to put the hackers MAC address in a special address list to get blocked for couple hrs . after the hacker was trying to login many times … i guess i have seen some thing related to this one day …
thanks >>
I have been known to block a radio from connecting to my AP using the radio mac address in “/interface wireless access-list”, but that can be just temporary. If the hacker is good, he/she will just change the mac address and continue the attack.
If you have determined the hacker is using known usernames, he/she could be getting those by packet sniffing your wireless signal.The way around that is using a SSL certificate on your hotspot login page. That way everything is encrypted.