Community discussions

 
jassimmh
just joined
Topic Author
Posts: 1
Joined: Thu Apr 08, 2010 8:52 am

Help

Sat Apr 10, 2010 10:10 am

Hello
How do I prevent programs and all programs netcut hacker to penetrate the server Almaekerotk BR433 - XR5
 
User avatar
nest
Forum Veteran
Forum Veteran
Posts: 811
Joined: Tue Feb 27, 2007 1:52 am
Location: UK
Contact:

Re: Help

Tue Apr 27, 2010 4:08 pm

By learning what the firewall does? http://wiki.mikrotik.com/wiki/Firewall

You need to learn more and understand the subject more. But the above link will help.
Ron Touw - Mikrotik Certified Trainer
LinITX.com - MultiThread Consultants
Get your MikroTik RBs and Training: http://linitx.com/category/166
Largest Official UK MikroTik Distributor
IRC channel: #routerboard on irc.z.je (IPv4), 6.irc.z.je (IPv6)
 
GuJack20
Trainer
Trainer
Posts: 322
Joined: Sat Jun 12, 2004 9:44 pm
Location: Tirana
Contact:

Re: Help

Tue Apr 27, 2010 6:38 pm

This topic may help:
http://forum.mikrotik.com/viewtopic.php?f=13&t=21040


"Almaekerotk?!?!"
--Do you remember that guy who gave up? Neither does anybody else!
 
reinerotto
Member
Member
Posts: 437
Joined: Thu Dec 04, 2008 2:35 am

Re: Help

Wed May 19, 2010 2:59 pm

Looks like I have the same problem with "Netcut" on my payed hotspot (Standard MT-hotspot), but only from time to time.
However, now I am asked to implement several FREE hotpots on an university campus. Actually I am afraid of it, because of the chance to attract a crowd of "netcutters" from the smart students.

I did not find any simple to use cookbook for protection using a search on this forum.
Any updates for this topic ?
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6616
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: Help

Wed May 19, 2010 3:04 pm

In my opinion the safest way to protect clients from Netcut to control their access to the network.
- WPA/WPA2 configuration on AP should do the job for the wireless clients;
- Management switch should do the job for Ethernet network;

When it is not possible to use both mentioned options, but 100% defense from netcut is needed, I would recommend to use PPPoE server;
- disable IP address on local interface;
- setup PPPoE server on the local interface;
PPPoE client gets address, when PPPoE session is established.
 
reinerotto
Member
Member
Posts: 437
Joined: Thu Dec 04, 2008 2:35 am

Re: Help

Thu May 20, 2010 11:02 am

Hi, sergejs:
I think, all the offered solutions are not user friendly enough for a public/free hotspot.
And they interfere with the standard hotspot-setup of RoS. So installation is not easy.
I would appreciate a "99%" solution, easy to be used together with default MT hotspot setup.

May be, we can discuss some general approaches ?

How about
- During login to MT-hotspot, in alogin.html insert a script to create a static ARP entry to the gateway (MT-box)
for the hotspot-client
- in hotspot on MT-box, create static ARP to hotspot-client entry after successful login
- block ICMP in MT-box firewall

Any comments ?
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6616
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: Help

Thu May 20, 2010 12:04 pm

Static ARP does not work with HotSpot Universal client.

Who is online

Users browsing this forum: MSN [Bot] and 29 guests