I found a dangerous program called IMMonitor MSN Spy. It is used to spy on MSN Messenger on the same network. I tried the program on one of the accounts in my Mikrotik 4.9 that is set up with hotspot users.
The program not only spies on the user, but the user whose IP you choose cannot use the internet. He logs in and logs off. The problem happens even if the user who is using the program is not logged in to the hotspot.
I am afraid that someone will find the program and use it to block someone in my network.
AFAIK Messenger works through the server, so if you block user-to-user traffic, your messenger won’t work. To tell you how, first show us how your network is built. How are the users connected, wireless?
I have hotspot user accounts with different speeds. Mikrotik is connected to APs on the LAN side and to an ADSL modem on the WAN side.
Repeaters are also connected to the access points that have WPA security.
Modem:
WAN : IP from ISP
LAN: 192.168.11.1
Mikrotik:
WAN : 192.168.11.2
LAN: 192.168.12.1
Users and APs get IPs from 192.168.12.2-192.168.12.254
In the program IMMonitor MSN Spy, if I tell it to watch, for example, the user with IP 192.168.12.12, he won’t be able to use the internet, and when he opens the browser he keeps being forwarded from the page alogin.html to alogin.html.
Note:
- I tried the program on a network that has a normal router (no Mikrotik server, or a router after the Mikrotik server).
In this case, the internet is working but you can spy on a person’s chat with other people in the messenger.
With the Mikrotik server, you disconnect the user instead of spying on him. I want this program to have no effect on my Mikrotik.
- I cannot block the messenger because most people use it.
Somewhat wild guess: It probably works via ARP cache poisoning; most such applications work by tricking the party to listen to into thinking you are their default gateway. Since the Hotspot works on the basis of MAC addresses, screwing with ARP tables on the clients could well lead to them not having access through the Hotspot - for example, the client you’re spying on is logged into the Hotspot, but then you poison its ARP cache to send all traffic through you. The client you’re spying from is not logged into the Hotspot, so the Hotspot router will see all traffic from the spied-on client as coming from your MAC address and will redirect to a login page instead.
Secure your network access to keep users from talking to one another (don’t know in detail how to do that on Mikrotik APs, hopefully someone else can chime in) and only permit them to talk to the router. On the router ensure that it will not send any traffic into the network with a local network source IP other than itself, and won’t receive any traffic from the network with a local network destination IP other than itself.
That’s good practice in general when dealing with Hotspots as you have little to no control over what clients attach to your network.
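A defender can watch for the ARP cache poisoning guessed at above by checking which MAC addresses answer for which IPs on the hotspot LAN. The sketch below is an added example, not code from this thread or from MikroTik; the log format, the MAC addresses and the function names are assumptions, and the IPs follow the layout given earlier in the thread.

```python
from collections import defaultdict

# Constructed sample: ARP replies seen on the hotspot LAN, one per line as
# "time sender_mac sender_ip". IPs follow the thread's layout; MACs are made up.
SAMPLE_ARP_REPLIES = """\
10:00:01 00:0c:42:aa:bb:01 192.168.12.1
10:00:02 00:1e:65:11:22:12 192.168.12.12
10:00:03 00:1e:65:33:44:40 192.168.12.40
10:05:10 00:1e:65:33:44:40 192.168.12.1
10:05:10 00:1e:65:33:44:40 192.168.12.12
10:05:12 00:1e:65:33:44:40 192.168.12.1
"""

def parse_replies(text):
    """Yield (mac, ip) pairs, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[1].lower(), parts[2]

def find_arp_conflicts(text, gateway_ip, gateway_mac):
    """Return sorted (kind, mac, detail) alerts for contradictory ARP claims."""
    # Assumption: the router's real MAC is known, and the first MAC seen for
    # any other IP is the legitimate one (a reused DHCP lease also triggers).
    first_mac = {gateway_ip: gateway_mac.lower()}
    mac_to_ips = defaultdict(set)
    alerts = set()
    for mac, ip in parse_replies(text):
        mac_to_ips[mac].add(ip)
        if mac != first_mac.setdefault(ip, mac):
            kind = "gateway-spoof" if ip == gateway_ip else "ip-rebound"
            alerts.add((kind, mac, ip))
    # One MAC answering for several IPs is how a host sits between the
    # client and the router.
    for mac, ips in mac_to_ips.items():
        if len(ips) > 1:
            alerts.add(("mac-answers-for-many-ips", mac, ",".join(sorted(ips))))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in find_arp_conflicts(SAMPLE_ARP_REPLIES, "192.168.12.1",
                                    "00:0c:42:aa:bb:01"):
        print(alert)
```

In the constructed sample, the host at 192.168.12.40 starts answering for both the router and the client at 192.168.12.12, which is the pattern that would make the Hotspot see the client's traffic under the wrong MAC address.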