Please add a feature that detects IP duplication on the network and IP duplication of itself.
IP duplication on the network: when RoS receives any (maybe ARP) packets that include the same IP address from a different MAC address. Maybe two hosts duplicated their IP address on the LAN side.
IP duplication of itself: when RoS receives any (maybe ARP) packets that include the same IP address as RouterOS itself.
Is there anyone with me?
You can probably already do this with scripts because Tools → IP Scan will show multiple devices with the same IP addresses if they exist.
Really? That is a good idea to detect IP duplicated hosts. But how about if someone duplicated your router's IP?
You should use a proper L3 switch to protect from that kind of attack.
Actually, in most cases, users do it suddenly. Using an L3 switch is not a good or cost-effective solution. Most routers detect if someone duplicates their IP.
It is a very important feature and I guess it is not a very difficult thing to include in ROS.
What do you think a router is supposed to do in case it detects someone else is using the router's IP address? It is not the router itself that suffers from such an event. And I don't think the router can do anything about it besides just reporting the issue somehow.
It is not required to use an "honest" L3 switch; a so-called L2+ switch (or L2/3 switch) should be enough. Such switches don't do real wire-speed L3 routing in HW, however they do allow you to inspect L3 headers of packets they switch at L2. The L2+ switches cost way less than the "real" L3 switches, but they still allow you to protect your network from ARP-based attacks.
Alternatively, you can use some SW-based protection, but you will have to install it on ALL client devices in your network. You can, for instance, set up a static ARP entry for the gateway, install ARP Defender or similar, etc.
Hi andriys,
You see this topic from the wrong side. My request is just a feature that is included in most OSes. For example, Windows has alerts when its IP is duplicated. To install a switch and do what you said isn't my request. My request is not to protect the network from ARP attacks. I don't need any protection from ARP attacks. I just need an alert when one of my clients has duplicated my IP.
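
The two checks asked for in this thread (one IP announced from two MAC addresses, and another host announcing the router's own IP), as an added Python example that is not from any poster and is not RouterOS code. The addresses, the `make_arp` helper and the `DuplicateIPDetector` class are constructed for illustration.

```python
import struct
from collections import defaultdict

def make_arp(mac, ip, target_ip, oper=1):
    """Build a constructed 42-byte Ethernet II + ARP frame for the demo."""
    smac = bytes.fromhex(mac.replace(":", ""))
    to_b = lambda a: bytes(int(x) for x in a.split("."))
    return (b"\xff" * 6 + smac + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + smac + to_b(ip) + b"\x00" * 6 + to_b(target_ip))

def parse_arp(frame):
    """Return (sender_mac, sender_ip) of an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    if struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        return None
    return frame[22:28].hex(":"), ".".join(str(b) for b in frame[28:32])

class DuplicateIPDetector:
    def __init__(self, own_ip, own_mac):
        self.own_ip, self.own_mac = own_ip, own_mac.lower()
        self.seen = defaultdict(set)  # ip -> MACs that have claimed it

    def observe(self, frame):
        parsed = parse_arp(frame)
        # A 0.0.0.0 sender is an ARP probe: it claims no address yet.
        if parsed is None or parsed[1] == "0.0.0.0":
            return None
        mac, ip = parsed
        if ip == self.own_ip and mac != self.own_mac:
            return ("own-ip-conflict", ip, [mac])
        is_new = mac not in self.seen[ip]
        self.seen[ip].add(mac)
        if is_new and len(self.seen[ip]) > 1:
            return ("lan-ip-conflict", ip, sorted(self.seen[ip]))
        return None

def run_demo():
    """Feed constructed frames through the detector and return the alerts raised."""
    det = DuplicateIPDetector("192.168.88.1", "02:00:00:00:00:01")
    frames = [
        make_arp("02:00:00:00:00:0a", "192.168.88.10", "192.168.88.1"),
        make_arp("02:00:00:00:00:0b", "192.168.88.10", "192.168.88.1"),  # same IP, other MAC
        make_arp("02:00:00:00:00:0c", "192.168.88.1", "192.168.88.1", oper=2),  # claims router IP
        make_arp("02:00:00:00:00:01", "192.168.88.1", "192.168.88.10"),  # the router itself
        make_arp("02:00:00:00:00:0a", "192.168.88.10", "192.168.88.1"),  # repeat, no new alert
    ]
    return [a for a in map(det.observe, frames) if a]
```

A long-running version would age out entries in `seen`, since an address legitimately moves to a new MAC when a DHCP lease is reassigned.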