namo
November 13, 2010, 3:33am
1
Does this work with RouterOS v4.13?
nest:
OK - I don’t have anyone changing their MAC address to get free access on my hotspots, so cannot really test this. But it seems to be working, as best as I can tell. I have basically taken roland's original scripts and made them work on v3.x. I have not tried very hard to make the code efficient. So, if it doesn’t work, I’ll try my best to fix it, but no guarantees as I didn’t originally write this!
Set up a schedule to run this script every few minutes:
```
:local hosts [/ip dhcp-server lease find]
:local pcname ""
:local pcnum 0
:global hacklist ""
# To log the value of $hacklist each hour, make debug 1 (if $hacklist is blank, nothing will be logged)
:local debug 1
# Collect the host-name of every lease that has one
:foreach h1 in=$hosts do={
    :local host [/ip dhcp-server lease get $h1 host-name]
    :if ([:len $host] > 0) do={
        :set pcname ($pcname . "," . $host)
        :set pcnum ($pcnum + 1)
    }
}
:local pcnameArr [:toarray $pcname];
# Add a host-name to $hacklist when it appears in more than 2 leases
:foreach h2 in=$pcnameArr do={
    :local hh 0
    :if (!([:find $hacklist $h2]>=0)) do={
        :foreach k in=$pcnameArr do={ :if ($k=$h2) do={:set hh ($hh + 1) } }
        :if ($hh>2) do={
            :if ([:len $hacklist] > 0) do={:set hacklist ($hacklist . "," . $h2)} else={:set hacklist $h2}
        }
    }
}
# monitor results in logfile once an hour
:local timer [:pick [/system clock get time] 3 5]
:if (($debug > 0) || ($timer >= "58")) do={
    :if ([:len $hacklist] > 0) do={
        :log warning ("New Hacklist: " . $hacklist)
    }
}
```
Set up a schedule to run this every 20 seconds. (Which is the period of time a hacker will be able to remain active before they get kicked off, therefore this value can be increased if you want to reduce CPU utilisation or you are not worried that the hacker stays connected for longer. Your decision! Do not reduce time below 15 seconds, otherwise script could still be running when it gets called again by scheduler.)
```
:local host
:local ipnum
:local unum
:local usr
:local i
:global hacklist
# For every flagged host-name, find its leases and drop the matching hotspot session
:foreach host in=$hacklist do={
    :foreach i in= [/ip dhcp-server lease find host-name=$host] do={
        :set ipnum [/ip dhcp-server lease get $i address]
        :set unum [/ip hotspot active find address=$ipnum]
        :if ([:len $unum] > 0) do={
            :set usr [/ip hotspot active get $unum user]
            :log warning ($host . " " . $ipnum . " " . $usr)
            /ip hotspot active remove $unum
        }
    }
}
```
Programs that steal IP and MAC addresses, like NetCut, don’t show the PC name. We can benefit from this: if we see that the same MAC address has appeared for a different PC in a short time, then the second computer is the stealer, and we can remove the DHCP lease of the user, and the new users will get a new lease.
A second best script might be this from pipi:
```
:local hosts [:toarray "comp1,comp2"]
:local host;
:local ipnum;
:local unum;
:local usr;
:local i;
:foreach host in=$hosts do={
    :foreach i in= [/ip dhcp-server lease find host-name=$host] do={
        :set ipnum [/ip dhcp-server lease get $i address];
        :set unum [/ip hotspot active find address=$ipnum];
        # Only touch the hotspot session if one exists for this address
        :if ([:len $unum] > 0) do={
            :set usr [/ip hotspot active get $unum user];
            :log warning ($host . " " . $ipnum . " " . $usr);
            /ip hotspot active remove $unum
        }
        # Remove only the current lease so the remaining loop items stay valid
        /ip dhcp-server lease remove $i
    }
}
```
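The logic of the two scheduled scripts above (flag a host-name that appears in more than 2 leases, then match flagged leases to hotspot sessions by address) can be checked offline before anything is removed on the router. This is an added Python example, not part of the original posts; the lease and session records, field names and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the original post): DHCP leases and
# hotspot active sessions as they might be exported from the router.
LEASES = [
    {"mac": "00:11:22:33:44:01", "address": "10.5.50.10", "host": "alice-pc"},
    {"mac": "00:11:22:33:44:02", "address": "10.5.50.11", "host": "lab-laptop"},
    {"mac": "00:11:22:33:44:03", "address": "10.5.50.12", "host": "lab-laptop"},
    {"mac": "00:11:22:33:44:04", "address": "10.5.50.13", "host": "lab-laptop"},
    {"mac": "00:11:22:33:44:05", "address": "10.5.50.14", "host": ""},
    {"mac": "00:11:22:33:44:06", "address": "10.5.50.15", "host": "bob-phone"},
    {"mac": "00:11:22:33:44:07", "address": "10.5.50.16", "host": "bob-phone"},
]
ACTIVE = [
    {"address": "10.5.50.10", "user": "alice"},
    {"address": "10.5.50.13", "user": "guest7"},
    {"address": "10.5.50.15", "user": "bob"},
]


def build_hacklist(leases, threshold=2):
    """Host-names seen in more than `threshold` leases, in first-seen order."""
    by_host = defaultdict(list)
    for lease in leases:
        if lease["host"]:  # leases without a host-name are skipped, as in the script
            by_host[lease["host"]].append(lease)
    return [host for host, found in by_host.items() if len(found) > threshold]


def sessions_to_remove(hacklist, leases, active):
    """(host, address, user) for each active hotspot session on a flagged lease."""
    users = {session["address"]: session["user"] for session in active}
    flagged = set(hacklist)
    return [
        (lease["host"], lease["address"], users[lease["address"]])
        for lease in leases
        if lease["host"] in flagged and lease["address"] in users
    ]


if __name__ == "__main__":
    hacklist = build_hacklist(LEASES)
    print("hacklist:", hacklist)
    for host, address, user in sessions_to_remove(hacklist, LEASES, ACTIVE):
        print("would remove:", host, address, user)
```

Unrelated devices that share an identical default host-name will also cross the threshold, so review the list before letting the removal script act on it.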
namo
November 13, 2010, 1:46pm
2
Please correct the code if it has errors.