Hide your MAC Address from hackers ??how how how please???

srmed2000 · November 29, 2007, 12:24am

How can I Hide my MAC Address from hackers and IP and username … ???

I surprised that one HACKER gave me the names of users,MAC Address ,IP and IP mikroTik

How to defend myself …Is there a solution???

srmed2000 · November 29, 2007, 1:56pm

help meeeeeeeeeeeeeeeeeeee!!!

fcwireless · November 29, 2007, 9:58pm

go to system > shutdown

the hacker will be stopped in his tracks.

seriously though, might want to examine your internal network. Chances are he’s got an inside connection and you’re not configured right.

srmed2000 · November 29, 2007, 10:36pm

i using hotspot mikrotik v2.9.27

and the hacker is know all the MAC address … and can log by change MAC

How can i stop hacker… please tel me

jacoblydon · November 30, 2007, 3:56am

First of all how many clients are registered clients of yours. If you dont have any clients just disable the wireless card. Is this an option? Watch the registration find his MAC address, and make firewall rule to drop connection to that MAC. Let me know I will watch forum.

srmed2000 · November 30, 2007, 8:13am

give me filter rules

antefe · November 30, 2007, 11:06am

If he has all this info about your network, chances are that you’ve got more than one devices compromised in your network. Shut Down EVERYTHING, boot each pc in safe mode, and scan it with an antivirus. Once youve done that. You should change ALL the passwords of the PCs and Network Devices. About the firewall configuration you should block all the ports that aren’t needed from the inside of your network (eg allow only 25,80,110,445)

jacoblydon · November 30, 2007, 2:45pm

Try winbox>ip>firewall>add rule>chain=input>in>interface wlan1 or hotspot>advanced>mac of hacker>destination address=your device>action drop… If this works then reset all passwords on devices, and MAC filter from here on out or User manager or WEP WAP or something.

srmed2000 · November 30, 2007, 8:03pm

Thank you ((jacoblydon)) for your reply to queries

Please … Explain in detail !!!

Winbox
Ip
firewall
Filter rules
add rule
chain=input
in.interface wlan1 or hotspot (???)
advanced
MAK Address mak of hacker
destination address=your device
action drop

jacoblydon · December 1, 2007, 3:58am

Well I didn’t know what interface your Hot spot, was on wlan1, or named Hotspot. If you have both do same firewall rule on all Wireless interfaces.. It was compromised through wireless interface right?

jacoblydon · December 1, 2007, 4:05am

Winbox
Ip
firewall
Filter rules
add rule
chain=input
in.interface wlan1 or hotspot (???)
advanced
MAK Address mak of hacker
destination address=your device
action drop

chain-input yes because data will be on, input coming (in) to your device, and the MAC of suspected hacker you put on the advanced page of ip>firewall>advanced the MAC you think is comprising your AP. Destination address is the address of your device that the hacker has taken advantage of. Action=drop… connection from this suspected device

jacoblydon · December 1, 2007, 4:06am

srmed2000 · December 1, 2007, 11:18am

Thank you very ((jacoblydon)) for your reply to queries

1-Please saw pictures attached … Are the settings correct???

2-I hope you tell me about The basic function of this rule ??and how to make sure it works properly

My Wi-Fi Network is like in the diagram -1- My server is MikroTik 2.9.27 I’m using HotSpot Authentication By Mac and HTTP CHAP and HTTP PAP, I create a user name for every client in my network.

jacoblydon · December 1, 2007, 8:45pm

Yes that looks right to me.

jacoblydon · December 1, 2007, 8:48pm

Is ether2, the port that has been compromised?

srmed2000 · December 1, 2007, 9:33pm

Yes

I Do that but no thing do !!!

I hope you tell me about The basic function of this rule ??and how to make sure it works properly

navibaghdad · December 1, 2007, 10:06pm

Dear Sarmed,

As I see ur problem is related to this controversy http://forum.mikrotik.com/t/hacking-hotspot/9775/1 and u can disable default forward from ur wireless card to isolate ur client.about the person he told u all this information about ur users and there MAC its very simple cause u can do that with a simple scan program and then change ur MAC address and use the service as we discuss in the link above

Regards,

jacoblydon · December 2, 2007, 6:23pm

Yes

I Do that but no thing do !!!

I hope you tell me about The basic function of this rule ??and how to make sure it works properly

It should work, the firewall is correct. The rule is correct. You did it right. The basic function of the rule is to stop access from the MAC of suspected hacker you have probing your network. You should not see the MAC of hacker show up if the rule is working. It sounds like you need a Mikrotik consultant to come and help you.

normis · December 3, 2007, 9:20am

also make sure you make a new router user for yourself, and then disable the default admin user. the new user has to be in the full permission group.

and of course - buy a license for your routeros …

srmed2000 · December 3, 2007, 3:36pm

Is there scripts is linking the MAC Address with the name computer (Hostname)???