Hi,
suppose the following scenario:
- Mikrotik is used as access point in a public place for end users. There are no well-known MAC addresses for PtP connection. IP addresses to clients are assigned with an external DHCP server outside the Mikrotik.
2a) one of many notebooks runs arpspoof hoping to flood the ports (eavesdropping based on overloading ARP tables, DoS)
2b) one of many notebooks starts to send traffic with spoofed IP address, however from the “right” subnet, thus general source address validation based on “this IP address is from the right subnet at least” isn’t sufficient.
///
Before I setup a lab…
What exactly does “Number of clients” mean? Can one client have actually more than one MAC address?
Is there any mechanism for “one association - one MAC address - one IP address”? ARP inspection, DHCP snooping, … I didn’t find any yet, neither I found some good trick for this.