I want solution for NetCut

RouterOS Scripting
1

I have Mikrotik with hotspot. I used every method I find to stop netcut but unauthorized users can get IP and MAC address of an authorized user and set their wireless adapter and they use the internet without passing with the login page

In hotspot, it appear that one user is login, but two users are sharing the connection.

what is the solution?

Note:

the hotspot Ethernet port connected to switch which is connected to APs

2

Impossible to solve on the Hotspot. Buy switches and APs that can perform client isolation and disconnect wireless and wired clients when they detect spoofing. Note that legitimate clients may flap between APs and cause false positives unless a system performs some very advanced analysis.

In short, there is no magic button for this that doesn’t cost a lot of money (tens of thousands of dollars).

3

this topic was already posted: http://forum.mikrotik.com/t/help/36849/1

4

I read that it is useful to set the netmask in the DHCP server to 30. Is it better to set it to 32?

and in some posts I read to do the fallowing:

/ip firewall filter chain=input protocol=icmp action=drop
/interface ethernet set ether1 arp=reply-only
/ip arp add address=1.1.1.1 mac-address=FF:FF:FF:FF:FF:FF interface=ether1

Is this IP WAN or LAN? Or I just add the same IP and mac?

5

It is only useful to set the netmask to /30 if you have a DHCP server that can give each client its own gateway. RouterOS cannot do that. Additionally, it doesn’t prevent anyone accessing the network via wireless from spoofing a MAC and IP address, so it is useless for your purpose (it can be useful on the wire in some situations). Same for /32, which will not work at all on a non PPP network. Such a static ARP entry doesn’t help, either.

It’s not want you want to hear, but: there is no solution for netcut (or whatever other name you want to give someone finding a legitimate MAC and IP address combination and spoofing it) for you to implement. So it goes.

6

so Is it better to leave netmask blank as before?( I am not taking about better for netcut but for general setting)


Do you recommend any AP that can perform client isolation and disconnect wireless and wired clients when they detect spoofing?


the one I have are Gsky http://www.gsky-link.com/downloads/PDFs/AP%20user%20manualeqSBmveU_.pdf

I can buy nanostation or Bullet from ubnt http://www.ubnt.com/wiki/AirOS_3.4

Does those have these recommended options?