hotspot kills my LAN

Hi, I’m using MikroTik 3.20 to create a hotspot point.
It worked OK for a couple of weeks, then I got a call from a LAN user (no wifi, not connected to the hotspot box) saying that he got a message in his browser asking him for a username/password, which is the hotspot login page.

I guess a user has a bridge between his wireless and LAN adapters, which is probably Windows’ internet sharing feature or something like that.

And since the MikroTik hotspot is likely doing some ARP poisoning (not sure, but I guess that also), the LAN users are spoofed immediately when I turn on the MikroTik box. (I had to shut it down on the first call.)

How can I fix that?

Thanks

Fix what? It’s designed behaviour - users access the hotspot independently of their network settings.

If that user accidentally connected to your wireless hotspot network and got the login screen - that is what’s supposed to happen. Tell him not to connect to other unknown networks, and to turn off the wifi card when not using it.

Thanks for the replies.

No, the user is not accidentally connected to the hotspot.
And it is of course expected for wifi users to get login pages.

|INTERNET||HOTSPOT|~~~~|hotspot user|{LAN}|LAN GATEWAY|__|INTERNET|

The problem is, LAN users are getting the hotspot login page (not connected to the hotspot directly).

If that user uses a bridge - then LAN users ARE connected to the hotspot directly, using the bridge =)

Yeah, can’t I deny that? (That is what I mean to fix in the first post.)

How can you deny your clients the use of a bridge? They can use whatever software they want, can’t they? This is like running another DHCP server in the network - it will also cause major problems.

So 1 solution is left for me:
disable the hotspot, and use a basic DHCP server and MAC filtering (instead of giving user/pass to users) via the firewall.

Do you think this can happen very often, when somebody bridges their cards accidentally? I’ve never heard of such issues before.

If someone from the LAN complains, tell him that the reason is that user with the bridge - it’s not your trouble! Why the hell should you answer for the malicious actions of other users?

I am not sure about the bridge, but IMHO it’s the only possibility.


I can’t control users to not make bridges etc., that is right.
But the box that is doing ARP spoofing is mine, anyway.

If somebody has stolen your car and knocked down somebody - it’s not your problem again =)

Ooooooooops, if it’s really ARP poisoning (I wish it is not), only GOD can save you. I suffered a lot from this issue and my entire WISP network became a fish market. But I don’t know how I came out of it; I remember I disallowed all the WLAN interfaces and allowed them one by one only after formatting the computer and installing a decent anti-virus on each computer.

Only then was I able to make my network stable again.

Hope this helps.

The ARP spoofing box is not an infected workstation; it is the design of the hotspot.
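
To check the guess made in this thread, that ARP replies originating on the hotspot side are reaching wired hosts, ARP replies seen on a LAN port can be compared against the known gateway MAC. This is an added example, not code from any poster; the addresses, MACs, the `analyse` function and the `many_ips` threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) from ARP replies seen
# on a wired LAN port. All addresses and MACs are made up for illustration.
SAMPLE_REPLIES = [
    (0,  "192.168.1.1",  "02:00:00:00:00:01"),  # LAN gateway, expected MAC
    (5,  "192.168.1.20", "02:00:00:00:00:20"),
    (60, "192.168.1.1",  "02:00:00:00:00:99"),  # gateway IP claimed by another MAC
    (61, "192.168.1.30", "02:00:00:00:00:99"),
    (62, "192.168.1.31", "02:00:00:00:00:99"),
    (90, "192.168.1.1",  "02:00:00:00:00:01"),
]

def analyse(replies, known_gateways, many_ips=3):
    """Summarise ARP replies.

    known_gateways: {ip: expected MAC} for addresses you administer.
    many_ips: assumed threshold; a MAC answering for this many IPs is likely
              a bridge or a device proxying ARP for hosts behind it.
    """
    macs_by_ip = defaultdict(set)
    ips_by_mac = defaultdict(set)
    for _ts, ip, mac in replies:
        mac = mac.lower()
        macs_by_ip[ip].add(mac)
        ips_by_mac[mac].add(ip)

    expected = {ip: mac.lower() for ip, mac in known_gateways.items()}
    return {
        # IPs answered by more than one MAC: the symptom LAN users would see
        "conflicts": {ip: sorted(m) for ip, m in macs_by_ip.items() if len(m) > 1},
        # MACs answering for a gateway IP that is not theirs
        "impostors": sorted({mac for ip, want in expected.items()
                             for mac in macs_by_ip.get(ip, ()) if mac != want}),
        # MACs answering for many IPs: the port to trace on the switch
        "multi_ip_macs": {mac: sorted(ips) for mac, ips in ips_by_mac.items()
                          if len(ips) >= many_ips},
    }

if __name__ == "__main__":
    report = analyse(SAMPLE_REPLIES, {"192.168.1.1": "02:00:00:00:00:01"})
    for key, value in report.items():
        print(key, value)
```

A MAC reported under `multi_ip_macs` can be looked up in the switch's forwarding table to find the port where the bridging client is attached.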