salam
I have a Mikrotik Router
Some people have a program that is scan all the Mac and Ip's that connect with my network.
So the hacker change his Mac and Ip same as my clients and then receive the internet directly.
I am trying Avery thing I know it like fixed the Mac with the user name and password and can not solve this problem.

So if any one can take my hand to peace land help me.

I am sorry to my English language.

Regard

http://forum.mikrotik.com/viewtopic.php?f=2&t=17886

salam

Thanks for your replay

I go to this site and I think that is bad solution but when I search finds VLAN options

Can any one explain how use this option and when I used it can I see every client how much up and download

Regards

whats the bad solution ?? what solution is bad ??

Dear Brother,
Salam to you also.

I have faced the same problem in my network too, ok I have some question about your MT setting:

is all of your user use DHCP IP from your MT or you gave them a static IP range? If you give your user DHCP IP from your MT OS then you can use MAC binding option in your dhcp server option, or if you give them any static IP then you can make their MAC address as static only in ARP list. every ethernet card which is connected to your MT that MAC must be shown in your ARP list, you have to list all of your clients MAC address and make their MAC as static only on his or her given Static IP address. And you have to monitor your network carfully about your BAD users who are changing their mac and IP as an another user, I think the best idea is to know your clients, if they caught by you then you can take some action about them.
Torch is another useful tools in the MT to watch all the IPs that what it's coming from and where it's going.

Regards

Dear hulk-bd,
thanks for your reply but sorry its not the solution for this problem cause the hacker will use the same ip and mac of the authorized client so the MK os will never recognize him as a good or bad one,
Btw can we close all the ports of ip scan programs and discover the ip and mac of the hacker and binding him ? I think there is an solution to this problem without using encryption.

Regards

Dear Brother,
Salam to you also.

I have faced the same problem in my network too, ok I have some question about your MT setting:

is all of your user use DHCP IP from your MT or you gave them a static IP range? If you give your user DHCP IP from your MT OS then you can use MAC binding option in your dhcp server option, or if you give them any static IP then you can make their MAC address as static only in ARP list. every ethernet card which is connected to your MT that MAC must be shown in your ARP list, you have to list all of your clients MAC address and make their MAC as static only on his or her given Static IP address. And you have to monitor your network carfully about your BAD users who are changing their mac and IP as an another user, I think the best idea is to know your clients, if they caught by you then you can take some action about them.
Torch is another useful tools in the MT to watch all the IPs that what it's coming from and where it's going.

Regards

salam alekom

Dear Mr.
Tank for your interesting in my problem
I do that and face the same problem when anyone takes a test and so many roads.
I read in another topics about VLAN do any one any ideas about this option

Regard

Why don't you use PPPoE server, where only user name and password is all over. You just specify fixed IP address to your user.

http://www.mikrotik.com/testdocs/ros/2. ... /pppoe.php

Rafiq...

Dear Mr.abab_rafiq

Yes this is another good solution for that kind of problem, you can use PPPOE option with radius and user manager. I already running a PPPOE setting using radius and user manager beside my static IP user at a time and on the same local interface in my MT OS. The main advantage of the PPPOE is you don't have to put any IP configuration on the client side just have to install the PPPOE protocol on the client ethernet and make a dailup on client side to put his/her user name and pass to logon to your MT to browse the Net.

Dear Mr.abab_rafiq

Yes this is another good solution for that kind of problem, you can use PPPOE option with radius and user manager. I already running a PPPOE setting using radius and user manager beside my static IP user at a time and on the same local interface in my MT OS. The main advantage of the PPPOE is you don't have to put any IP configuration on the client side just have to install the PPPOE protocol on the client ethernet and make a dailup on client side to put his/her user name and pass to logon to your MT to browse the Net.

Dear Mr.

The PPoe is good solution but here in iraq we dont have orginal access point so all the access point that we use made in china and if i use the ppoe i must close the center

regard,

salam
I have a Mikrotik Router
Some people have a program that is scan all the Mac and Ip's that connect with my network.
So the hacker change his Mac and Ip same as my clients and then receive the internet directly.
I am trying Avery thing I know it like fixed the Mac with the user name and password and can not solve this problem.

So if any one can take my hand to peace land help me.

I am sorry to my English language.

Regard

The based on arp logic the arp request is dynamic and lan clients are listen easily. So u first static your client to set your MT arp static you can also build application to set your client arp. Then set your MT local lan card setting in interface select your lan in general tab listed arp and select disable . then go to your dhcp server setting and click the option “add arp for leases “ .

i dont know whts the relation between china and pppoe ? even in the USA they are using chineess products !!!!
in IRAQ now many WISP turn thier networks to PPPOE instead of hotspots to avoid this problem ..