I want to do something similar. When an internal attack is detected on the LAN, the attacker's IP is sent to a ban list, but I don't know how to get that IP blocked in the DHCP server, since all my IPs are assigned by static DHCP bound to MAC, with ARP in reply-only mode.
Are you fine with the fact that the ban will take place minutes or hours after the malicious activity has been detected, because the DHCP server cannot withdraw a lease from a DHCP client during its validity period, it can only not renew the lease when the client asks for the renewal?
Are all devices in the LAN connected directly to Mikrotik Ethernet ports, each by its own cable, or are there any other switches/hubs between the Mikrotik and the devices in LAN?
Yes, I know that DHCP gives a lease time, but if I block the PC's ticket it is left off the network when it loses its lease; the normal ticket is 1 minute.
If I block its IP assignment in the DHCP server, it is blocked automatically, since the network is closed against ARP, and the DHCP server pushes the IPs straight into the ARP table as they are assigned.
I would like your help to see how I can make this script work with a list rather than with an IP assigned to a variable.
# single address held in a variable; the goal is to replace this with a list
:local hacklist "172.23.4.1"
:foreach host in $hacklist do={
    # find the lease(s) currently holding this address
    :local busyaddr [/ip dhcp-server lease find address="$host"]
    :local i
    :foreach i in $busyaddr do={
        /ip dhcp-server lease set block-access=yes $i;
    }
}
I'm afraid I don't understand exactly why you've used two cycles where one should be sufficient, but I'm afraid there is no way to match the leased addresses against a list directly, without any cycle at all. $hacklist contains the addresses of all dhcp clients you want to block, right? So the inner cycle should only run once each time, because each $host should not exist more than once in the leases, so $busyaddr should always contain a reference to a single lease. Is that not the case?
My script would be
:local hacklist "172.23.4.1"
:foreach host in $hacklist do={
    # one cycle: look the lease up and block it in a single statement
    /ip dhcp-server lease set [/ip dhcp-server lease find address="$host"] block-access=yes;
}
But I still maintain that by blocking a MAC address on DHCP level as you do above, you cannot prevent the blocked client from contacting other clients in the same subnet until the lease expires, because even if Mikrotik would ignore the arp requests coming from the blocked client (I don’t know where you’ve found that), the other clients on the LAN will not ignore them. So until the lease expires, that malicious client will still be able to attack other devices on its LAN.
Yes, it is as you say, but I want it to do this for an address-list with several IPs inside. I know the IP will already have been granted, but when it is blocked as set up in the DHCP server, which sends to the ARP table, its lease will be interrupted; I can always do another loop afterwards and remove it from the ARP table. But I want to do this part first.
But with ip pk the comment is not set when it is generated automatically from a ban list.
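The script the original poster is asking for, iterating over a firewall address-list instead of a single variable, as an added example written for this thread (it is not code posted by either participant). It assumes the address-list is named "hacklist" and the DHCP server is the default one; both are assumptions, and the lease comment is added here because entries generated automatically from a ban list carry none.

```routeros
# Added example: block the DHCP lease of every host found in the
# firewall address-list "hacklist" (assumed name, adjust to your list).
:local listName "hacklist"

:foreach entry in=[/ip firewall address-list find list=$listName] do={
    :local host [/ip firewall address-list get $entry address]

    # Skip entries that are prefixes (e.g. 10.0.0.0/24) rather than single
    # hosts; a lease can only be matched against one IP address.
    :if ([:typeof [:toip $host]] = "ip") do={
        # With static leases bound to MAC there is at most one lease per
        # address, but a loop is still the safe way to use the result of find.
        :foreach lease in=[/ip dhcp-server lease find address=$host] do={
            /ip dhcp-server lease set $lease block-access=yes \
                comment="blocked: listed in address-list $listName"
            :log warning "DHCP lease for $host blocked (address-list $listName)"
        }
    }
}
```

Run it from the scheduler (for example every minute) so that it picks up new entries as the firewall adds them. As the earlier reply notes, block-access only takes effect when the client next renews its lease, so the scheduler interval plus the lease time bounds how long a listed host keeps its address.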
I’m afraid google translator’s performance on Spanish->English translation is not as good as you believe because I have problems to understand what you wrote.
It is useful to translate the sentence from Spanish into English and then translate the result into Spanish. If the result in Spanish has the same meaning as the original, it is quite likely that the sentence in English also makes sense.