By watching proxy logs learn his favorite sites and block them all.
Matt
heres a suggestion that may strengthen the hotspot against the trial period hack a little more against simple mac address rotation, perhaps the trial user can be sent a cookie, then if they come back in with one of these cookies later from a different MAC and try to get trial, they are blocked. Trivial to clear cookies to get around it, I realize, but its one extra annoying step the hacker has to do to get access.
jm
sometimes clients can run IP scan and they can find your subnets by running ip scan then you can not do any thing , also if any autenticated user is online for exmple we might say …
you are controlling them by
- MAC-ADDRESS
- STATIC IP ADDRESS with (.../30)
- limitation per one session
- authenticate by hotspot login page
what else ? you can not do anything if a user is scanning your network .
I heard that there are still hacking HOTSPOT even if it subnetted , they can see any available ip address which is already authenticated …
The best thing is if you are on a network … management by switches with layer 3 .
and for wireless , the only thing that our companies is limiting its customers by their access point ( LOCAL LOOP ) but i am waiting for this configuration … restricting every access point by WPA and IP , it will solve your problems
if anyone found a solution then i would like to hear it .
Regards,
Ghassan
We blocked several ports (udp 161,135-139,445) and icmp traffic; our Hacker’s scanner because useless.
In addition we filter all traffic from clients directed to the AP (input chain) or other clients. Only traffic from client to gateway (AP is not the gateway, we use bridging) got passed.
Maybe not perfect, but the Hackers are gone. 
you can not block any port service even the ip address on direct connected network, Those are going to get working even you take out the router.
I mentioned “AP” aka AccessPoint (wireless). We don’t provide wired access. And we use filters in ‘firewall’ and ‘bridge’.
Anyway, so far it worked. We got the hackers away. Not important for me if ‘technically correct’ 
Let’s go to the beach and get relax… 
Hi,
I will tell one suggestion. We have not yet implemented in our network but let us have a discussion to see if it is a good idea.
1- All customers authenticated by MAC are CPE users
2- CPEs should be protected by password and only ISP technisions can access the CPE not users
3- Configure PPPoE user name and password and/or encryption in the CPE
4- For non-CPE users should use prepaid cards
Is it good?
bye
now the solution might be
1- get a PC
2- Install Linux
3- Install Snort with additional Packgaes and signatures
4- Put the box behind RouterOS
5- Run snort and Block every scanning attempt and blacklist them
hi dear all
I have same problem ,when any hacker use the same IP and MAC of one good user he will be same PC so no way to block it because every thing it same just one thing its not the PC Nname so i can see the name its flashing between the good and bad user “from DHCP server Leases” . so I give small idea let MT team do thing for us we dont need change our server OS.
I think that you lost the point of view.
If you don’t use encryption, all the data of the network can be intercepted easily. No matter the routes, no matter the gateway… nothing matters.
Use WPA/WPA2 PSK with at least 8 characters for your clients, and create a virtual AP opened for the demo.
tnx
its good idea but what we can do for wire?
Hi,
In my country you can use police to attack the hackers who use your network. We had a few people who cloned mac addresses and find out the fixed IP-s. First we changed the clients IP-s but this is a hard work on a bigger network (and some dummy customer can’t do it so it is money too to send out somebody to do this).
After a sort time I allowed them to use the Internet with the cloned (illegal) address and save the traffic on the router (MT can do this). There is a lot of windows and linux program which can analyze the traffic. Every user read his email, login to somewhere, use MSN. There is a lot of way to find out who is the user. For example if you know the MSN login and some friends of the hacker not a big trouble to find who is it.
We found every hacker in 2-3 days and phone them. Just told them if they didn’t stop to use our network we will send every information to police. Nobody tried it again. Never told them how we found him!!!
There was one time when we give information to police. They went out to the hacker and found some drog too We are just waiting for the judgement.
We use pppoe and radius now. We don’t have any phone call from customer since we changed to pppoe. Every AP has separation. So there is no direct traffic between wireless clients. The wep/wpa is not a good solution in my opinion because the old wireless equipment are 10-30% slower if you use these and there is the possibility to crack them.
On ethernet side use the not so cheap managed swithes. If you are a service provider you have to invest money to your network.
There is a lot of good example on the MT wiki,documentation and on the demo routers. Use firewall rules to limit scanners (ICMP ports) and block those ports which is used by the viruses.
Krisz
thnx but if our hackers dont care to police.
then use PPPoE and Hotspot as user magic suggested
or send information straight to police and see what happens
you have all the means provided
thank you
can you tell me plz how i use PPPoE and Hotspot as user magic 
take a look here:
http://wiki.mikrotik.com/
maybe will find something useful
Good. If someone has cloned your SSID and PPPOE server then they are broadcasting from a fixed access point. TRACK IT DOWN. In the US this is criminal hacking, or at least theft of utility. Prove it and sue the guy, get him on the front page of the newspaper. If you are in a more lawless place, find more creative ways of retaliation.
go and play in the street please and stop bothering us.
My same idea 