I'm attempting to see if it is even possible to identify if there is a persistent pattern of failed access attempts.
I set up a logging rule/action for wireless debug according to https://wiki.mikrotik.com/wiki/Manual:W ... Debug_Logs and attempted an access with a bad password (PSK) using a smartphone.
The most I can see is "disconnected, unicast key exchange timeout" (see log extract). However, I can't be sure that all potential "attacks" will yield the same format message or even be visible to the access point.
Has anyone explored this ?
Code: Select all
16:49:26 wireless,debug DEBUG:: wlan1-1: 90:18:7C:D5:AC:BE attempts to associate
16:49:26 wireless,debug DEBUG:: wlan1-1: 90:18:7C:D5:AC:BE not in local ACL, by default accept
16:49:26 wireless,info 90:18:7C:D5:AC:BE@wlan1-1: connected, signal strength -46
16:49:26 wireless,info action1:: 90:18:7C:D5:AC:BE@wlan1-1: connected, signal strength -46
16:49:26 wireless,info DEBUG:: 90:18:7C:D5:AC:BE@wlan1-1: connected, signal strength -46
16:49:31 wireless,info 90:18:7C:D5:AC:BE@wlan1-1: disconnected, unicast key exchange timeout
16:49:31 wireless,info action1:: 90:18:7C:D5:AC:BE@wlan1-1: disconnected, unicast key exchange timeout
16:49:31 wireless,info DEBUG:: 90:18:7C:D5:AC:BE@wlan1-1: disconnected, unicast key exchange timeout
16:49:35 firewall,info DROP: input: in:ether1 out:(unknown 0), src-mac 90:18:7c:d5:ac:be, proto UDP, 0.0.0.0:68->255.255.255.255:67, len 343
16:49:35 firewall,info action1:: DROP: input: in:ether1 out:(unknown 0), src-mac 90:18:7c:d5:ac:be, proto UDP, 0.0.0.0:68->255.255.255.255:67, len 343
16:49:53 dhcp,info BASE_DHCP deassigned 192.168.0.12 from 90:18:7C:D5:AC:BE