how to prevent hotspot hack by clients?

nelson6069 · November 13, 2012, 9:12pm

is there anyway to prevent hotspot hack by my clients?

this 1 the way i found it online to bypass mikrotik hotspot login..
http://www.youtube.com/watch?v=I22NSeutHLM
anyway to prevent it?

jandafields · November 14, 2012, 1:31am

Specify the “hack” you are talking about. Are they guessing your password? Are they prying your hotspot off the post?

nelson6069 · November 14, 2012, 5:12am

http://www.youtube.com/watch?v=I22NSeutHLM

this is how they bypass mikrotik hotspot.. anyway to prevent this?

Neilson · November 14, 2012, 6:01am

After looking at the video its a fairly simple mac address clone from looking up the arp tables of people in the network, picking someone who we guess is logged in and clone in their mac address and IP address and then use their existing login.

My experience with Hotspot is not very extensive but it would seem to me that to help prevent this you would want to start with turning off default forward on your Wi-Fi AP to give client layer 2 isolation. This would probably not be a solution as they are bound to be able to still locate mac addresses of other devices.

Other than that I will hand over to other more experienced people to advise.

Regards
Alexander

Chupaka · November 14, 2012, 10:31am

they work over Ethernet in the video, so the solution is to use managed switches with IP-MAC-Port binding

wnmuroki · November 14, 2012, 11:24am

My question would be, is this possible over wireless and what is the solution?

ibr771 · June 12, 2015, 7:54pm

how to Protect your hotspot from hacker
1- go to ip address
change the “Local”(out interface) subnet mask to 8 (255.0.0.0)
ex: my Local ip is 192.168.10.1/24 change to 192.168.10.1/8

2- go to ip dhcp server - network chane the subnet to 8

dannyboy · September 1, 2015, 6:55am

IBR771,

Can you explain why this would work? I would like to know to improve my knowledge. Also I will be setting up a large hotspot, am getting information that some people are saying that they will by my 24hour voucher connect to the wifi via a computer and then do internet connection sharing to share the internet with other people. I know Mikrotik can stop this, I heard it when I took the mikortik routing class but I dont remember. Can anyone guide me on this. I had posted before I found this post.

http://forum.mikrotik.com/t/security-hotspot-routing-question/90993/1

Ape · September 1, 2015, 7:35am

Hi,

I would like to read the explanation too. Thanks.

Ape

porkyz · May 13, 2016, 10:32am

Sorry to bump up an old thread, but i’ve try to search the forum for the solution, but can’t find any.

The “hack” I’m talking about is user guessing my password many times, since I’m using a password with format of “blablaXXblabla”, where XX is 2 digits number and blabla is constant string. Every day XX is changing randomly.

So the user is guessing from 00 to 99, without being banned by mikrotik automatically. I want to limit the number of guessing password to 5 times. So if any users input the password wrongly for 5 times, they will be banned for several days based on their mac addr.

I can’t figure out how to do that, and where to do that.

Fyi, I’ve limit the number of guessing password for ssh and winbox to 3 times by manipulating the “connection state” equal new. That’s how I would know that users are trying to guess (brute force) my mikrotik password.

–
Regards,
Denni