WiFi Hotspot Easily Hackable

There are lots of threads about MAC cloning, but there is no satisfying answer to this problem, and I didn’t know how serious it is until I did some tests.

My testing device is a 951Ui-2HnD. I created a virtual AP with WPA2 authentication and created a hotspot using the Hotspot Setup wizard.

After connecting and logging in to the hotspot using an iPad, I changed my MacBook MAC address to the iPad MAC and connected to the Hotspot. It gets the same IP address as the iPad and internet just works!!! But the iPad is disconnected after some time. If the iPad user doesn’t reconnect, the hacker can continue using the internet.

I repeated the same thing with an iPad and an Ubuntu machine, and both of them work at the same time.

As MAC addresses are transferred unencrypted over the air even in a protected AP (you can sniff them with Airodump), it takes a moment to hack a Mikrotik Hotspot. Pay attention: preventing IP scan by disabling forward on the interface won’t help, because having the MAC is enough; DHCP gives the same IP to the cloned MAC.

So it takes less than 1 min to hack the Mikrotik Hotspot. Is there any workaround for this issue?
I tried to assign a different IP after user authentication, but it’s more like a virtual IP and the device’s real IP doesn’t change, and the second connected device still gets access to the internet.
The best solution would be to prevent a duplicate MAC from authenticating to WiFi, or maybe log out the corresponding user.

Pay attention: preventing IP scan by disabling forward on the interface won’t help, because having the MAC is enough; DHCP gives the same IP to the cloned MAC.

How to disable forward in interface?

You still needed to know the AP password. So, the issue you’re asking about is how to handle duplicate MAC. However, which one to kick off? If the system automatically disabled the MAC, the hacker could do a DoS on others by cloning everyone’s MAC.

Switch to 802.1x authentication? That said, not really a suitable fit for an environment that HotSpot is typically used in.
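
An added example, not part of any post in this thread and not MikroTik code: because automatically disabling a duplicated MAC would let someone lock out other users, the check below only reports a MAC that presents two different DHCP fingerprints (hostname plus option 55 parameter list) within a time window. The record fields, the sample events and the idea of exporting DHCP request records from the router are assumptions.

```python
from collections import defaultdict

# Constructed sample DHCP request records (not from a real capture).
# Field names are hypothetical; "params" stands for the DHCP option 55
# parameter request list, whose contents typically differ between OSes.
EVENTS = [
    {"ts": 0, "mac": "AA:BB:CC:00:00:01", "hostname": "alices-ipad",
     "params": (1, 121, 3, 6, 15, 119, 252)},
    {"ts": 40, "mac": "AA:BB:CC:00:00:02", "hostname": "bobs-phone",
     "params": (1, 3, 6, 15, 26, 28, 51)},
    # Same MAC as the first record (different case), different device.
    {"ts": 300, "mac": "aa:bb:cc:00:00:01", "hostname": "ubuntu-laptop",
     "params": (1, 28, 2, 3, 15, 6, 119, 12)},
    {"ts": 1800, "mac": "AA:BB:CC:00:00:02", "hostname": "bobs-phone",
     "params": (1, 3, 6, 15, 26, 28, 51)},
    # A device renamed hours later: a change, but outside the window.
    {"ts": 9000, "mac": "AA:BB:CC:00:00:03", "hostname": "guest-pc",
     "params": (1, 3, 6, 15)},
    {"ts": 20000, "mac": "AA:BB:CC:00:00:03", "hostname": "guest-pc-new",
     "params": (1, 3, 6, 15)},
]


def find_shared_macs(events, window=3600):
    """Return {mac: sorted fingerprints} for every MAC that presented more
    than one DHCP fingerprint within `window` seconds of each other."""
    last_seen = defaultdict(dict)  # mac -> {fingerprint: last timestamp}
    flagged = defaultdict(set)
    for ev in sorted(events, key=lambda e: e["ts"]):
        mac = ev["mac"].lower()  # normalise case before comparing
        fp = (ev["hostname"].lower(), tuple(ev["params"]))
        for other, ts in last_seen[mac].items():
            if other != fp and ev["ts"] - ts <= window:
                flagged[mac].update((fp, other))
        last_seen[mac][fp] = ev["ts"]
    return {mac: sorted(fps) for mac, fps in flagged.items()}


if __name__ == "__main__":
    # Report only; which session to drop is left to the operator.
    for mac, fps in find_shared_macs(EVENTS).items():
        print(mac, "seen as:", ", ".join(host for host, _ in fps))
```

A client can also imitate the hostname and option list, so a clean result does not prove that a MAC is used by a single device.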