marcelofares
Member Candidate
Topic Author
Posts: 129
Joined: Tue Mar 03, 2015 2:26 pm

DHCP Flooding

Thu Oct 22, 2015 4:05 am

Good night,

Can I predict the unauthorized distribution of dynamic IP addresses via DHCP?
In summary: if a malicious user sets up a virtual machine with a DHCP server, he can send out addresses that are valid for the entire network. Is it possible to guard against that?

Regards,
 
scampbell
Trainer
Posts: 487
Joined: Thu Jun 22, 2006 5:20 am
Location: Wellington, NZ

Re: DHCP Flooding

Thu Oct 22, 2015 5:15 am

MikroTik supports a DHCP Server Alert function that can tell when a new DHCP server is found.

/ip dhcp-server alert
add disabled=no interface=bridge-lan on-alert="/log error \"server found\""

You can add your own script as required.

It is also possible to filter DHCP on a Bridge if required. http://wiki.mikrotik.com/wiki/Bridge_Fi ... CP_Traffic
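As an added example (not scampbell's own configuration), a fuller version of that alert that whitelists the MAC of the legitimate server so only unknown servers trigger it, and logs which interface, IP and MAC the offer came from; the bridge name, the server MAC and the timeout are assumptions:

```routeros
# Added example, not from the post above. Assumes the LAN bridge is "bridge-lan"
# and that 00:00:5E:00:53:01 (a constructed placeholder) is the MAC of the only
# DHCP server that is supposed to exist on this segment.
# $interface, $address and $"mac-address" are the variables the alert hands to
# the on-alert script; the backslashes keep them literal inside the quoted string.
/ip dhcp-server alert
add disabled=no interface=bridge-lan alert-timeout=1h valid-server=00:00:5E:00:53:01 on-alert=":log warning (\"rogue DHCP server \" . \$\"mac-address\" . \" offering \" . \$address . \" seen on \" . \$interface)"

# Show the alert entry together with the unknown servers it has recorded so far
/ip dhcp-server alert print detail
```

The log line is the minimum; the e-mail script posted later in this thread can be dropped into on-alert in the same way once /tool e-mail is configured.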
 
freemannnn
Forum Veteran
Posts: 700
Joined: Sun Oct 13, 2013 7:29 pm

DHCP Flooding

Fri Oct 23, 2015 12:47 am

What exactly does this bridge DHCP filter in the wiki do?
I also have this problem in buildings where users connect routers in their apartments without asking.
 
chechito
Forum Guru
Posts: 3007
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia

Re: DHCP Flooding

Fri Oct 23, 2015 4:28 am

Manageable switches normally have this functionality because it's a problem to be solved at the access layer.
 
freemannnn
Forum Veteran
Posts: 700
Joined: Sun Oct 13, 2013 7:29 pm

DHCP Flooding

Fri Oct 23, 2015 10:18 am

So filtering DHCP in the bridge as said above won't help, right?
 
marcelofares
Member Candidate
Topic Author
Posts: 129
Joined: Tue Mar 03, 2015 2:26 pm

Re: DHCP Flooding

Sat Oct 24, 2015 2:36 am

MikroTik supports a DHCP Server Alert function that can tell when a new DHCP server is found.

/ip dhcp-server alert
add disabled=no interface=bridge-lan on-alert="/log error \"server found\""

You can add your own script as required.

Hello Friend,

I created this alert, thanks for the tip.
But how does this alert work? Where will I be alerted?

Is this video doing the same thing as the address above?
Sorry, I am a layman in this part :)
https://www.youtube.com/watch?v=oP1sIROxcwg
Last edited by marcelofares on Sat Oct 24, 2015 2:44 am, edited 2 times in total.
 
marcelofares
Member Candidate
Topic Author
Posts: 129
Joined: Tue Mar 03, 2015 2:26 pm

Re: DHCP Flooding

Sat Oct 24, 2015 2:36 am

Manageable switches normally have this functionality because it's a problem to be solved at the access layer.
Unfortunately my Switch does not offer this feature.
Thanks!
 
marcelofares
Member Candidate
Topic Author
Posts: 129
Joined: Tue Mar 03, 2015 2:26 pm

Re: DHCP Flooding

Sat Oct 24, 2015 2:39 am

What exactly does this bridge DHCP filter in the wiki do?
I also have this problem in buildings where users connect routers in their apartments without asking.

I would also like to know what these rules will do.
 
marcelofares
Member Candidate
Topic Author
Posts: 129
Joined: Tue Mar 03, 2015 2:26 pm

Re: DHCP Flooding

Sat Oct 24, 2015 3:35 am

I think this video shows a correct tip for making the warning procedure work correctly, see

https://www.youtube.com/watch?v=lgD6qqJAISk

OR...

I think this video would be valid, but I do not understand anything in this language :)

https://www.youtube.com/watch?v=4cfQ4y079dM
 
freemannnn
Forum Veteran
Posts: 700
Joined: Sun Oct 13, 2013 7:29 pm

DHCP Flooding

Sat Oct 24, 2015 10:44 am

Yes, these rules work. You also have to place a command to send you an email that a rogue DHCP server has appeared in the network.
 
freemannnn
Forum Veteran
Posts: 700
Joined: Sun Oct 13, 2013 7:29 pm

DHCP Flooding

Sat Oct 24, 2015 10:46 am

This is the script I am using in my routers. It is from another user who posted it in the past...

# Runs as the on-alert script of /ip dhcp-server alert, which supplies
# $interface, $address and $"mac-address" for the server that was detected
:local CurrentTime [/system clock get time]
:local hostname [/system identity get name]
:global date [/system clock get date]
:local int "$interface"
:local addr "$address"
:local mac $"mac-address"

# /tool e-mail must already be configured with a server and sender address
/tool e-mail send to="mymail@gmail.com" subject="ROGUE DHCP Server has been detected on $hostname at $date - time $CurrentTime - Interface= $int - IP Address=$addr - MAC-Address= $mac"
 
marcelofares
Member Candidate
Topic Author
Posts: 129
Joined: Tue Mar 03, 2015 2:26 pm

Re: DHCP Flooding

Sat Oct 24, 2015 5:07 pm

This is the script I am using in my routers. It is from another user who posted it in the past...

# Runs as the on-alert script of /ip dhcp-server alert, which supplies
# $interface, $address and $"mac-address" for the server that was detected
:local CurrentTime [/system clock get time]
:local hostname [/system identity get name]
:global date [/system clock get date]
:local int "$interface"
:local addr "$address"
:local mac $"mac-address"

# /tool e-mail must already be configured with a server and sender address
/tool e-mail send to="mymail@gmail.com" subject="ROGUE DHCP Server has been detected on $hostname at $date - time $CurrentTime - Interface= $int - IP Address=$addr - MAC-Address= $mac"

I'm using the same commands as in the video below; I'm not sure this works, see:
https://www.youtube.com/watch?v=lgD6qqJAISk

/ tool e-mail send to = "my-e-mail" subject = ("DHCP server on the network from unauthorized." [/ system identity get name]) $ $ address $ interface server "mac-address" "

If I want to use your tip, do I just copy this script and put in the correct email, only this?
 
freemannnn
Forum Veteran
Posts: 700
Joined: Sun Oct 13, 2013 7:29 pm

DHCP Flooding

Sat Oct 24, 2015 8:15 pm

Put your email address and also set the correct parameters in tools-email.
 
marcelofares
Member Candidate
Topic Author
Posts: 129
Joined: Tue Mar 03, 2015 2:26 pm

Re: DHCP Flooding

Sun Oct 25, 2015 2:14 pm

Put your email address and also set the correct parameters in tools-email.
Perfect my friend, I've done this procedure :)
Unfortunately there is no way for the MikroTik itself to prevent false (unauthorized) DHCP servers. I think these functions are all layer two (switch). So far I have only found detective tips and not preventive (proactive) ones.
Last edited by marcelofares on Sat Oct 31, 2015 1:27 am, edited 1 time in total.
 
boen_robot
Forum Guru
Posts: 2400
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: DHCP Flooding

Sun Oct 25, 2015 3:44 pm

What exactly does this bridge DHCP filter in the wiki do?
I also have this problem in buildings where users connect routers in their apartments without asking.

I would also like to know what these rules will do.
They will stop DHCP traffic if it passes through the MikroTik router. However, DHCP packets are distributed in the whole LAN, independent from the router.

As already mentioned, a manageable/smart switch is really the only way to filter out such packets, by making all devices forward packets only in the direction of your router and back (which would also effectively forbid your clients from communicating with each other at all, without the router's permission).

The alternative is simply not using DHCP, but using either IPs or PPPoE. Leave DHCP to provide settings that only lead to a single web page, which explains how to set up the connection "manually".
 
marcelofares
Member Candidate
Topic Author
Posts: 129
Joined: Tue Mar 03, 2015 2:26 pm

Re: DHCP Flooding

Sat Oct 31, 2015 1:27 am

What exactly does this bridge DHCP filter in the wiki do?
I also have this problem in buildings where users connect routers in their apartments without asking.

I would also like to know what these rules will do.
They will stop DHCP traffic if it passes through the MikroTik router. However, DHCP packets are distributed in the whole LAN, independent from the router.

As already mentioned, a manageable/smart switch is really the only way to filter out such packets, by making all devices forward packets only in the direction of your router and back (which would also effectively forbid your clients from communicating with each other at all, without the router's permission).

The alternative is simply not using DHCP, but using either IPs or PPPoE. Leave DHCP to provide settings that only lead to a single web page, which explains how to set up the connection "manually".

Well, taking advantage of the topic, do you know a way (using a script) to detect the same MAC address (clone) in a HOTSPOT network? I've been looking for this for a long time!
 
troffasky
Member
Posts: 431
Joined: Wed Mar 26, 2014 4:37 pm

Re: DHCP Flooding

Sat Oct 31, 2015 11:59 am

I think this:

https://github.com/davidnutter/mikrotik-arpwatch

will do what you want but a) documentation for it is thin on the ground and b) it requires an external server to run it on [although I guess you could run it on an OpenWRT metarouter]
 
marcelofares
Member Candidate
Topic Author
Posts: 129
Joined: Tue Mar 03, 2015 2:26 pm

Re: DHCP Flooding

Sun Nov 01, 2015 2:02 pm

I think this:

https://github.com/davidnutter/mikrotik-arpwatch

will do what you want but a) documentation for it is thin on the ground and b) it requires an external server to run it on [although I guess you could run it on an OpenWRT metarouter]

Sorry friend, but I do not understand what you wrote above. Is this a complementary tool to prevent or detect ARP spoofing?
 
troffasky
Member
Posts: 431
Joined: Wed Mar 26, 2014 4:37 pm

Re: DHCP Flooding

Sun Nov 01, 2015 3:18 pm

arpwatch alerts you when a MAC address changes IP address, or when an IP address changes MAC address. If a "bad guy" assumes somebody else's MAC and IP addresses, you aren't going to be able to know who the "real" one is. Perhaps you could set hotspot interface ARP mode to reply-only, populate ARP from DHCP and disable client-to-client forwarding. That will make it harder for a "bad guy" to get enough information about innocent users in order to spoof them.
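One way to apply the three measures troffasky lists, as an added example that is not from the thread; the interface names bridge-lan and wlan1 are assumptions, and the split-horizon step for wired bridge ports is added here because default-forwarding only covers wireless clients:

```routeros
# Added example, not from the thread. Assumes the hotspot runs on the bridge
# "bridge-lan" and that wireless clients attach through "wlan1".

# 1. Have the DHCP server install a static ARP entry for every lease it grants
/ip dhcp-server set [find interface=bridge-lan] add-arp=yes

# 2. Reply-only: the router answers ARP only for entries it already holds and
#    never learns new ones, so a host that skipped DHCP and picked its own IP
#    (or copied someone else's) cannot be reached through the router.
#    Any device with a fixed IP now needs a manual entry, e.g. (constructed values):
#    /ip arp add address=192.0.2.10 mac-address=00:00:5E:00:53:10 interface=bridge-lan
/interface bridge set bridge-lan arp=reply-only

# 3a. Wireless: stop the AP from forwarding frames between its own clients
/interface wireless set wlan1 default-forwarding=no
# 3b. Wired: give every port of the bridge the same split horizon, so frames
#     are never forwarded from one client port to another; traffic to and
#     from the router itself (and the hotspot) is unaffected
/interface bridge port set [find bridge=bridge-lan] horizon=1

# Verify: only entries without the dynamic "D" flag should remain on the bridge
/ip arp print where interface=bridge-lan
```

A client that spoofs another user's IP still cannot be told apart from the real one at this layer; these settings only deny it the ARP and neighbour traffic it would need to find a victim in the first place.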
 
InoX
Forum Guru
Posts: 1966
Joined: Tue Jan 09, 2007 6:44 pm

Re: DHCP Flooding

Sun Nov 01, 2015 3:33 pm

This is how it is done.
 
marcelofares
Member Candidate
Topic Author
Posts: 129
Joined: Tue Mar 03, 2015 2:26 pm

Re: DHCP Flooding

Mon Nov 02, 2015 6:03 pm

arpwatch alerts you when a MAC address changes IP address, or when an IP address changes MAC address. If a "bad guy" assumes somebody else's MAC and IP addresses, you aren't going to be able to know who the "real" one is. Perhaps you could set hotspot interface ARP mode to reply-only, populate ARP from DHCP and disable client-to-client forwarding. That will make it harder for a "bad guy" to get enough information about innocent users in order to spoof them.

Please, where can I find these options?
ARP mode to reply-only and disable client-to-client forwarding

Note - I'm not an external service provider; I only use the internal HOTSPOT to authenticate the hotel guests.

Thanks!
