Hi all,
There is a very important problem for MikroTik hotspot users.
I use MikroTik Hotspot in my wireless networks, but the problem I have is that there are some hackers using programs to scan MAC addresses in the network, who then change the MAC of their computers to the MAC address of one of my customers and then get internet shared with the victim customer's band (the one whose MAC they are using).
Please can you provide me a firewall to help me disable this scanning of MAC addresses, or any other way?
With my best wishes
Majeed_R0mantic
Iraq Networks Manager
Enable encryption on your wireless link, WPA or WPA2; it must help you to protect the wireless link from “bad” users.
Thank you segejs for the quick reply, but the problem I have (and all internet providers in Iraq have) is that we cannot enable encryption on our wireless because we have a lot of users, so we cannot give a password to everyone, and for advertising our companies and networks we need to broadcast a free wireless SSID using an advertising hotspot login page. So is there any way to avoid these bad users or to disable MAC address scanning in networks?
With my prior thanks for your reply
Another option is to create a virtual AP on top of your existing AP. For this virtual AP you can enable WPA security and provide it to your customers: move them from the unsecure AP to the secure AP. And use the regular AP for advertisement and limited-time users, where you could maybe use a slower speed.
To avoid MAC scanners inside your network you should use the BROUTE feature of your MT. It causes all packets from the wireless interface to be forwarded to the defined MAC address of the router. So potential attackers or users who want to scan your network can only get the MAC of the router, one machine. Of course it works only when you have disabled packet forwarding on the wireless interface (uncheck “forwarding” in the wireless interface options). It is really important to have a recent access-list linked to the interface!
This method doesn’t work when attackers use passive sniffing applications like Kismet, Airopeek-NX and others, because the top of the OSI/ISO layers isn’t encrypted or even hashed. So the MAC address can be sniffed even when you use WPA/WPA2 etc.
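The virtual AP and disabled-forwarding suggestions from the replies above, written out as a RouterOS configuration sketch. This is an added example, not part of the original posts: it assumes the legacy wireless package with a physical interface named wlan1, and the profile name, interface name, SSIDs and passphrase are hypothetical placeholders. The BROUTE rule mentioned in the reply is not shown.

```routeros
# Added example (not from the original thread). Assumed names:
#   wlan1            existing open AP that carries the hotspot login page
#   wlan1-customers  new virtual AP for paying customers (hypothetical name)
#   customers-wpa2   security profile for the virtual AP (hypothetical name)

# 1. WPA2-PSK profile with AES only. Replace the placeholder passphrase.
/interface wireless security-profiles
add name=customers-wpa2 mode=dynamic-keys authentication-types=wpa2-psk \
    unicast-ciphers=aes-ccm group-ciphers=aes-ccm \
    wpa2-pre-shared-key="REPLACE-WITH-LONG-PASSPHRASE"

# 2. Virtual AP on top of the existing radio, using that profile.
#    default-forwarding=no keeps the AP from relaying frames between its
#    own wireless clients, so an active scan from one client does not
#    reach the other clients of this AP.
/interface wireless
add name=wlan1-customers master-interface=wlan1 mode=ap-bridge \
    ssid="ISP-Customers" security-profile=customers-wpa2 \
    default-forwarding=no disabled=no

# 3. Same isolation on the open advertisement AP. This is the
#    "forwarding" checkbox referred to in the reply above.
/interface wireless
set wlan1 default-forwarding=no

# 4. Check the result: both interfaces should show default-forwarding=no.
/interface wireless
print detail where name~"wlan1"
```

As the last reply notes, this only limits active scanning through the AP. MAC addresses in 802.11 frame headers remain visible to a passive sniffer within radio range, with or without WPA2.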