My problem is the following:
I need to make a script that takes the IPs from a ban list and blocks each of those IPs in the static DHCP.
The reason is the following: when I detect a network scan on the internal LAN, even though it goes to the ban group, it has no effect because it is on the LAN; but if I block it in the DHCP it loses its access to the network, since the DHCP is tied to MAC and the ARP is reply-only.
Are you fine with the fact that the ban will take place minutes or hours after the malicious activity has been detected, because the DHCP server cannot withdraw a lease from a DHCP client during its validity period; it can only refuse to renew the lease when the client asks for the renewal?
Are all devices in the LAN connected directly to Mikrotik Ethernet ports, each by its own cable, or are there any other switches/hubs between the Mikrotik and the devices in the LAN?
So the general idea is to take the list of banned IPs, run it against the DHCP and, if an IP is there, change its status to blocked. That is for the internal LAN; if it is not there, nothing is done, because the external ones are blocked perfectly. The problem is with the internal ones on the LAN.
Yes, I know that the DHCP gives it a lifetime, but if I block the PC's ticket it is left out of the network when it loses its lease; the normal ticket is 1 minute.
If I block its IP assignment in the DHCP it is blocked automatically, since the network is closed against ARP, and the DHCP pushes the IPs directly into ARP as they are assigned.
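
One way to implement the procedure described in the thread, as an added example that is not code from any of the posters: a RouterOS script that walks the ban address list and sets `block-access=yes` on the matching static DHCP lease. The list name `banned` is an assumption (the thread does not name the list), as is running the script periodically from the scheduler.

```routeros
# Added example. Assumption: the ban address list is called "banned";
# replace it with the list the scan-detection rule actually fills.
:local banList "banned"

:foreach entry in=[/ip firewall address-list find where list=$banList disabled=no] do={
    # Address-list entries may also be subnets or ranges; :toip only
    # yields an IP for single-host entries, so anything else is skipped.
    :local ip [:toip [/ip firewall address-list get $entry address]]

    :if ([:typeof $ip] = "ip") do={
        # Only static leases that are not blocked yet. Banned addresses
        # with no lease (external hosts) match nothing and are left
        # to the firewall, as described in the thread.
        :foreach lease in=[/ip dhcp-server lease find where address=$ip dynamic=no block-access=no] do={
            :local mac [/ip dhcp-server lease get $lease mac-address]
            /ip dhcp-server lease set $lease block-access=yes
            :log warning ("ban-sync: blocked DHCP lease " . [:tostr $ip] . " (" . [:tostr $mac] . ")")
        }
    }
}
```

The script only changes leases that are not already blocked, so repeated runs produce one log line per newly blocked host, which gives a record of which MAC address was cut off and when.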