Help mr.normis Fix NetCut Problem :(

SULTAN · February 6, 2012, 6:35pm

Hi Ihave Problem With NetCuts same this :

http://www.youtube.com/watch?v=1WlfLCfdzlY\

Ineed For Block NetCuts And Any program like it ..

How To Do That Mr.Normis Please

normis · February 7, 2012, 8:17am

use WPA encryption or PPPoE on your wireless AP. This will solve it.

SULTAN · February 7, 2012, 10:53am

Ok ‎‏ ‏normis but how in hotspot system?? Imeen login page ?? How

normis · February 7, 2012, 10:54am

you can use WPA with hotspot, no problem. Just distribute the WPA key together with login/password.

SULTAN · February 7, 2012, 11:18am

You Meen in wireless??

I Need The wireless Stay Open Network For Get New Customers You Know ,

But If you Meen Another Thing Explain It Please .. Its big Problem

normis · February 7, 2012, 11:24am

You could create two access points with help of VirtualAP feature. Example:

SSID: hotspot-registration (no WPA)
SSID: hotspot-login (WPA)

when customer needs internet, they connect to hotpost-registration, register, and get login/pass/wpa key for second AP.

SULTAN · February 7, 2012, 11:32am

Thanks Mr.normis ..

But Its Maybe hard to some customers Do that ..

No any another way To do that ?? Its Big problem if mikrotik dosen’t Fix It ..

normis · February 7, 2012, 11:33am

We are researching how to solve this.

SULTAN · February 7, 2012, 11:44am

I hope Fix This Problem In V 5.13 Mr.normis ..

Any One Can hack My Mikrotik System !

I hope you Take This Problem Seriesly

And Thanks Normis For Help

bambangs2komputer · February 7, 2012, 12:12pm

for my hotspot with RB450G+ 3 AP netcut can’t scaning other member hotspot because I use DHCP-server with netmask 32.but queue will limit all conection from any to any, thats solved if config mangle

normis · February 7, 2012, 1:57pm

SULTAN: Is your wireless AP from MikroTik or only the hotspot server is MikroTik? Have you actually verified that this Netcut program does what is advertised?

SULTAN · February 7, 2012, 2:09pm

Yes Mikrotik RB450G And wireless is rb433 with 2 card wireless ..

itry that way and its work .. imeen same video ..

all my system is mikrotik no any problem ..

idon,t no this how advertised ??

Feklar · February 7, 2012, 10:07pm

The ONLY way to really mitigate netcut and programs like it on a hotspot is to build out your layer2 network in such a way that prevents people from being able to use these programs. There is no solution that is built into any router that will solve this for you. If you want to to block it, this means that you MUST invest in the hardware that you install that has the very features that you need and want. This question comes up very often, and the answer is always the same, invest in the layer2 network to prevent it. Get switches that either do VLANs or port isolation, dhcp-snooping, etc. Get access points that do client isolation (turn off default forwarding on MT radios) to prevent clients from talking to each other over the radio. These will put the protection at the edge of the network where it needs to be in order to prevent people from talking to each other directly. In order for a device to prevent traffic from going between hosts, it must first go over that device. Because of this a layer3 device cannot block communication on layer2, one does not need to traverse the router to talk to another host.

Handing out a /32 is very easy to get around, all I do is have to assign myself a static IP and a larger subnet, and then I can scan the network and find the IP/MAC of any machine on the network within my subnet. It also does nothing to prevent a someone from installing their own DHCP server on their machine and handing out leases on the network, or from taking over the MAC and IP of your default gateway causing problems for clients on the network, or any other number of potential intentional or accidental things that end users do with their hardware. At most it is an annoyance to someone that wants to do this, and may prevent a general user from using a program like this, but it offers no real protection at all.

normis · February 8, 2012, 6:07am

so your hotspot is on the RB450G, and the Wireless is served by RB433?

What do you see in the Log file when the “bad” client takes over the connection of the “good” client? It would be interesting to see the wireless debug log

frnet · February 8, 2012, 10:43am

As discussed in the forum, the problem of using /32 netmask are generally customers with linux (and android) that can not operate without manual set (or script).

bambangs2komputer · February 8, 2012, 3:03pm

you right, for android I use pppoe-client &database on the usermanager so config your hotspot+ppp. don’t forget android your customer root pppoe-client. or you can upgrade your android becouse after upgrade my friend still conct hotspot with netmask 32

normis · February 9, 2012, 6:57am

But if you turn off wireless “default forwarding” then Netcut can’t scan for network hosts. Basically it cripples it’s operation.

Also the old Netcut version used to ARP poison the victim host, but the new one (2.1.4) poisons RouterOS ARP table, which means the hotspot will also not work. Either way, I can’t see how you can get Netcut to operate if Default Forwarding is turned off.

SULTAN · February 9, 2012, 12:37pm

Ok Normis Iwill Try It And Tell You What happened ..

normis · February 9, 2012, 1:16pm

yes! set “default-forwarding=off” on the wireless AP and check, Netcut won’t be able to operate anymore.

SULTAN · February 9, 2012, 6:36pm

Hi Mr Normis ..

I try It With Disable Default-Forwarding ..

And Still Same Problem ..

Look Mr Normis .. The APs Its Bridge .. No Give IP .. i have Make It DHCP server ?? The Wireless Card I mean RB433AH ..