What's wrong with this script!

PaRaN0iD · January 21, 2012, 3:58pm

Hii Guys

I’m trying to detect untrusted fake Mikrotik router (installed by hacker on virtual machine) in my wlan & kick it out
here is my simple script (noOBy one)

:global int ;
:foreach int in=[/ip neighbor find] do={
  :if ( [/ip neighbor get $int value-name=identity ] = "MikroTik" ) do={
  :log info "Hacker!" 
  /ip neighbor get $int value-name=mac-address
  /interface wireless access-list add mac-address=$int mac-address
  } else={:log info "CleaN!"}
}

I got error when trying to add detected mac address to acces list

interrupted
           invalid value of mac-address, mac address required

Any help appreciated

Thank you

jcem · January 21, 2012, 9:15pm

This works…

:local int;
:local machack;
:foreach int in=[/ip neighbor find] do={
  :if ( [/ip neighbor get $int value-name=identity] = "Mikrotik" ) do={
  :log info "Hacker!";
  :local machack [/ip neighbor get $int value-name=mac-address];
  /interface wireless access-list add mac-address=$machack;
  } else={:log info "CleaN!"}
}

RGDS

PaRaN0iD · January 22, 2012, 9:35am

jcem:

This works…

:local int;
:local machack;
:foreach int in=[/ip neighbor find] do={
  :if ( [/ip neighbor get $int value-name=identity] = "Mikrotik" ) do={
  :log info "Hacker!";
  :local machack [/ip neighbor get $int value-name=mac-address];
  /interface wireless access-list add mac-address=$machack;
  } else={:log info "CleaN!"}
}

RGDS

Thank you jcem
work like charm!

Now i’m trying to detect fake mikrotik by “board name” value
if “board” value null ofcourse it’s fake because it’s a virtual machine based
so i tried this :

################################
# # Fake MikroTik Killer       #
# # BY: lnuxxunl               #
# # Thank you jcem For support #
################################

:local int;
:local machack;
:foreach int in=[/ip neighbor find] do={
  :if ([/ip neighbor get $int value-name=board]  = "" ) do={
  :log warning "Fake MikroTik Server Detected!";
  :local machack [/ip neighbor get $int value-name=mac-address];
  :log info "adding Fake Server to access list!";
  /interface wireless access-list add mac-address=$machack authentication=no forwarding=no;
  :log info "Fake Server Kicked Out!";
  } else={:log info "CleaN!"}
}

But the script couldn’t understand the null value so it give
log message CleaN!

jcem · January 22, 2012, 5:55pm

What does

:put ([/ip neighbor get X value-name=board] = "")

give you?

X= the number of the neighbour

true or false?

adeelkml · January 22, 2012, 7:31pm

whats wrong with this script…whenever i use this script i was unable to load balance…only one only WAN work at a time.However failover is working fine but both of the WANs donot work together…any help?helpful answer will be appreciated
/ip address
add address=10.10.0.1/24 network=10.10.0.0 broadcast=10.10.0.255 interface=Local
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2

/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2

add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local

add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping

/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade

nest · January 22, 2012, 8:15pm

What has this to do with detecting a fake virtual Mikrotik? You should not ‘hijack’ an existing post thread that is nothing to do with your problem. Please create a completely new forum post.