i hacked my friend wisp - he use user manager 3.13

elnagar_ali · September 17, 2008, 10:28pm

plz its a big Trouble
my friend have wisp using mikrotik user manager 3.13
and he asked me to try to hack the wisp
frist i open netcut and take one cilent data -ip address and mac address
and change my ip and mac to the same this client
first i write the ip address manauly and then change the mac

when i do that i haked the wisp and i can open web site and opsn yahoo messanger
i have full access to the internet
plz some one tell me - how to protect the mikrotik router os from this hack?

aldalil · September 18, 2008, 8:44am

Hi Ali,

It depends on how much your network design is complicated and what internet access authentication is required.

As you mentioned, there was no any kind of security or wireless encryption, then you can access the network easily.
The internet access authentication is by assigned IP address to a MAC address, supposing that there are no 2 identical MAC on the same network and also no 2 IP address on the same network. (As the MAC address can be easily changed to a virtual MAC address, then you have to use different kind of authentication depending on your requirements.)

Suggestions:
1- use any kind of security encryption for your wireless network.
2- For internet access, try to use PPPoE or hotspot.

Regards,
Alaa

janisk · September 18, 2008, 11:02am

for wireless use wireless encryption like WPA or WPA2, for wired you have to use pppoe to ecnrypt data, so no one can sniff unencrypted data over your network.

elnagar_ali · September 19, 2008, 12:26am

i will wait more ideas

QpoX · September 19, 2008, 12:41am

PPPoE? or VPN?

aldalil · September 20, 2008, 10:21am

elnagar_ali · September 20, 2008, 10:55pm

there is no more ideas but i will wait the admin to answer my q?

aldalil · September 21, 2008, 12:43am

Hi Ali,

If you are just waiting the admin to reply, then it is better to push them an email and ask them for support !
But, I guess this is not a support issue, and all what you need as you mentioned above is sharing idea, usually testers can answer you.

Good luck.
Rgds,
Alaa

butche · September 27, 2008, 6:57pm

So your friend is not very good at protecting his network. User Manager is not a security tool. It is just a radius server in Mikrotik. If you were able to get in that easily, then what you are looking for is not just a simple answer. Add encryption to the wireless segment to make it harder to see the data (DO NOT BOTHER WITH WEP). Use the hotspot for auth. Use PPPoE for auth. Use PPtP tunnels for transit. There are LOTS of ways to create a secure network. You want a complete engineered solution? http://www.butchevans.com/. It will not be cheap, but it will be secure. I am sure there are others here who would be willing to help for a fee.
Another thought is attending a training class that would teach you (or your friend) about security options built into MT and how to implement them. My website will show upcoming information about courses that can do that. The Security course is the one you/he want(s).