Community discussions

 
PeterDoBrasil
Member Candidate
Member Candidate
Topic Author
Posts: 134
Joined: Sun Aug 23, 2015 6:55 pm

Hotspot Pirates! Mikrotik Hotspot v6.35rc11 ISP Nightmare?????

Fri Feb 19, 2016 3:07 pm

# Hotspot Pirate Mac is 34:FC:EF:D1:29:25 #
My system Configuration is
all Interfaces arp reply-only
the android pirate device has changed in the least +- 5 hours their ip address more than 40 times
their first connect with 10.63 192.199, the last time with 10.63.192 144, he change ip address every 5 minutes
my ip-settings tcp-syn coockies is enabled
I,ve running two scripts
# runs on scheduler every 1 minute #
# Unauthorized Traffic #
{
:global limit 262144
:global bytes
:global mac
:global action1
:global action2
:global action3
:global action4
:foreach i in=[/ip hotspot host find where authorized=no bypassed=no ] do={
:set mac [/ip hotspot host get $i mac-address ];
:set bytes [/ip hotspot host get $i bytes-out ];
:if ($bytes >= $limit) do={
:if ([/interface bridge filter find where chain=input src-mac-address="$mac/FF:FF:FF:FF:FF:FF" \
comment="Unauth Byte" ] = "" ) do={
:set action1 [/interface bridge filter add action=drop chain=input src-mac-address="$mac/FF:FF:FF:FF:FF:FF" \
mac-protocol=ip ip-protocol=udp dst-port="53" comment="Unauth Byte" ];
:set action2 [/interface bridge filter add action=drop chain=input src-mac-address="$mac/FF:FF:FF:FF:FF:FF" \
mac-protocol=ip ip-protocol=udp dst-port="70-64870" comment="Unauth Byte" ];
:set action3 [/interface bridge filter add action=drop chain=input src-mac-address="$mac/FF:FF:FF:FF:FF:FF" \
mac-protocol=ip ip-protocol=tcp dst-port="70-64870" comment="Unauth Byte" ];
:set action4 [/interface bridge filter add action=drop chain=input src-mac-address="$mac/FF:FF:FF:FF:FF:FF" \
mac-protocol=ip ip-protocol=icmp comment="Unauth Byte" ];
:log warning ("UNAUTHORIZED Mac:$mac BYTES:$bytes is > $limit");
}}}}

# I've added to hotspot user by login scripts, after client login auto remove the bridge filter #
# Remove Authorized from Bridge Filter #
{
:global mac
:global action
:foreach i in=[/ip hotspot active find ] do={
:set mac [/ip hotspot active get $i mac-address ];
:if ([/interface bridge filter find where chain=input src-mac-address="$mac/FF:FF:FF:FF:FF:FF" \
comment="Unauth Byte" ] != "" ) do={
:set action [/interface bridge filter remove [ find where src-mac-address="$mac/FF:FF:FF:FF:FF:FF" ]];
:log warning ("Removing Mac:$mac from Bridge Filter");
}}}

/ip hotspot walled-garden ip print
Flags: X - disabled, I - invalid
# SERVER PROTOCOL DST-HOST DST-ADDRESS DST-PORT ACTION
0 Hotspot icmp drop
1 Hotspot udp 53 drop
2 Hotspot tcp 81-64870 drop
3 Hotspot udp 81-64870 drop
4 Hotspot 10.63.192.1 accept

with all this the Pirate access Internet without my permission, you can see on the pics at least the Pirata has used more than 45 Mib's, my question is How ??????????????????
Is he using IPv6???????????????
I've disabled now the IPv6 Packet to see what the Pirata do without IPv6 on my System!!!!!!!!! :shock:
:?





hs-unauth.jpg
hs-unauth2.jpg
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: No registered users and 53 guests