hi, do you need any software to do that ? I want try how to scan and choosing mac address see if work in my hotspot.you didnt heared about net-cut ?? the hacker is connecting yo unsecured hotspot network , getting an IP , making a scan for the network , choosing the victim mac address , cloning it in his PC , shut the victim OFF , get in as the real user (victim) , without any need for user name and password , its easy now to get in any MT hotspot , piece of cake , personally i overcame this problem by using a WPA encruption key at my AP's ..
go http://www.arcai.com donwload netcut install it .connect to unsecured MT hotspot ,run netcut you will see all client has connected to this hotspot ,cut off whoever you want,whoever you cut will lose internet connection.As there are not details included about the issue,
for the wireless use samsoft08 provided advice for securing network with WPA,
for Ethernet you may either use smart switches to ensure filtering by MAC-addresses or use PPPoE authentication server.
well there need two wireless AP one for WPA,one for unsecured.what about someone buy at once ,after known WPA code doing same thing ,do we need change WPA code monthly?You could set up an open, unencrypted hotspot that allows only access to your user-registration page where you describe the services that you're offering to registered customers and allow potential customers to sign up for your services. Require them to identify themselves upon registration and to provide their payment details (credit card information etc.) and send them an email which they need to confirm in order to activate their access to your services (for example by clicking on an URL contained in the email text - the usual double-opt-in scheme). Upon successful confirmation automatically generate a certificate for them to be used for EAP protected access to your services, send them a copy of the cert and automatically import it into your radius infrastructure. If they're subscribing to your services for a limited time (i.e. three months or some such) make the certificate expire accordingly.
hi,if I use EAP with certificates, do I need buy certificates service from somewhere?Yes, logically there'd need to be two AP, one for unsecured connections (offering registration only) and one WPA protected for full network access, but you can use the virtual-AP feature of RouterOS so that you do not need to buy and install two AP devices - both AP can run on the same radios.
Regarding people 'knowing the WPA code': That would only be an issue with WPA-PSK, but the solution that I outlined uses EAP with certificates, so there is no PSK that can be shared between users. You're right that of course once a customer is fully connected to the WPA protected AP he can then again use Netcut or other network hijacking tools, but then you know who did it because the customer is registered and authorized at the AP with a personal ID (from the cert that you issued him).
You can, but you don't need to. You can just as well run your own PKI. There are lots of tutorials on the net on how to setup a basic PKI (CA) with OpenSSL and a bunch of shell scripts, such asif I use EAP with certificates, do I need buy certificates service from somewhere?