So it has been a long time, but I wanted to share this with you all.
I had a punk’r trying to denial of service one of my hotspots by taking up every available IP address. All he did was keep changing his IP address and his MAC so that the hotspot would catch him and then use a dynamic IP address for every attempt. This got really REALLY annoying, so I made a script that runs every minute. Here is the script; just schedule it for the frequency of occurrence that you would like.
Script name: dropDynHack
/ip hotspot host remove numbers=[find dynamic]
Then schedule it. I placed it for every minute. This seems to have done the job.
I think there’s a slightly more elegant and efficient solution you could employ (or at least I think it should work… I’ll have to test…) - use a different IP pool for the hotspot than that of the DHCP server.
In the DHCP server, set the lease time to 1 minute or so, but set the hotspot’s idle and keepalive timeouts higher. This will make sure that logged in users keep their IPs for longer, while non-logged in users won’t.
Now… If the punk actually logs into the hotspot with every MAC and IP change, you’re in trouble, but in THAT event, at least you’ll know the username/password (s)he used, so you can actually find him and ban him/her.