Is there a any way to prevent people to setting up "personal hotspots" using SMHO WiFi-routers on an enterprise office network? Presume the SOHO-router is assinged a correct ip-address from corporate DHCP-server and is using its own srs-nat, is there a way to detect and block thees kind of connections?
--
Any ideas are welcome!
Prevent usage of SMHO WiFi-routers on corporate network?
Last edited by Larsa on Mon Jun 18, 2018 11:25 am, edited 2 times in total.
Re: Prevent usage of SMHO WiFi-routers on corporate network?
You can play with ttl, but they can also. You can register mac but they can copy it. You can install a tool on the workstations that can check the locally assigned ip against the natted ip and report the difference to your server that can initiate the cut off. In case the stations belong into manageable domain...
Re: Prevent usage of SMHO WiFi-routers on corporate network?
Thanks, I'll try TTL to start with!
Any suggestion on a decent value to start filtering on? Btw, is the internal TTL translated/terminated in src-nat and gets another TTL on the outbound side?
Any suggestion on a decent value to start filtering on? Btw, is the internal TTL translated/terminated in src-nat and gets another TTL on the outbound side?
Re: Prevent usage of SMHO WiFi-routers on corporate network? [SOLVED]
If your network is flat switched, set ttl 1 to all packets going inside from outside.
viewtopic.php?t=14590
viewtopic.php?t=14590
Re: Prevent usage of SMHO WiFi-routers on corporate network?
Excellent, thanks for the pointer! Since it's "flat switched" (like the term btw 
it should probably work in this case.
it should probably work in this case.Re: Prevent usage of SMHO WiFi-routers on corporate network?
It will work until the sharing device changes the ttl to higher value instead of dropping the packet. So as I said before...
Re: Prevent usage of SMHO WiFi-routers on corporate network?
Well, it's good enough to prevent a "normal" ad hoc installation and not for the professional villain with deeper technical knowledge 
Re: Prevent usage of SMHO WiFi-routers on corporate network?
POST a sign in all offices spaces.
"Any use of unauthorized Network Devices will be grounds for immediate dismissal! "
From a leadership point of view, why is it that employees feel they need wifi or more internet.
There may be a business case to provide better services!
"Any use of unauthorized Network Devices will be grounds for immediate dismissal! "
From a leadership point of view, why is it that employees feel they need wifi or more internet.
There may be a business case to provide better services!
Re: Prevent usage of SMHO WiFi-routers on corporate network?
Well, the regular access is somewhat limited because of previously misuse and someone got the brilliant idea to bypass that limitation. So i'm not quite convinced regarding the business case this time! 
Re: Prevent usage of SMHO WiFi-routers on corporate network?
So how it works now?
Re: Prevent usage of SMHO WiFi-routers on corporate network?
Yes indeed!
Rumors say some of the co workers got very puzzled when their personal hotspot stopped working but were still able to use their laptop on the same connection.
Rumors say some of the co workers got very puzzled when their personal hotspot stopped working but were still able to use their laptop on the same connection.
Re: Prevent usage of SMHO WiFi-routers on corporate network?
Good. If they are smart, having cheapest mikrotik and reading this forum (even without all of it) they will easily overcome what you did.