Community discussions

 
iraqi
just joined
Topic Author
Posts: 6
Joined: Wed Sep 05, 2007 12:06 pm

Salam (I Need Help)

Wed Sep 05, 2007 12:38 pm

salam
I have a Mikrotik Router
Some people have a program that is scan all the Mac and Ip's that connect with my network.
So the hacker change his Mac and Ip same as my clients and then receive the internet directly.
I am trying Avery thing I know it like fixed the Mac with the user name and password and can not solve this problem.

So if any one can take my hand to peace land help me.

I am sorry to my English language.

Regard
:( :( :( :( :( :( :( :( :(
 
User avatar
samsoft08
Long time Member
Long time Member
Posts: 617
Joined: Sat Nov 26, 2005 10:52 pm

Re: Salam (I Need Help)

Wed Sep 05, 2007 12:58 pm

 
iraqi
just joined
Topic Author
Posts: 6
Joined: Wed Sep 05, 2007 12:06 pm

Re: Salam (I Need Help)

Wed Sep 05, 2007 8:11 pm


salam

Thanks for your replay

I go to this site and I think that is bad solution but when I search finds VLAN options

Can any one explain how use this option and when I used it can I see every client how much up and download

Regards
 
User avatar
samsoft08
Long time Member
Long time Member
Posts: 617
Joined: Sat Nov 26, 2005 10:52 pm

Re: Salam (I Need Help)

Wed Sep 05, 2007 8:33 pm

whats the bad solution ?? what solution is bad ??
 
User avatar
hulk-bd
Member Candidate
Member Candidate
Posts: 227
Joined: Mon Sep 03, 2007 7:19 pm
Location: Uttara, Dhaka, Bangladesh

Re: Salam (I Need Help)

Wed Sep 05, 2007 10:25 pm

Dear Brother,
Salam to you also.

I have faced the same problem in my network too, ok I have some question about your MT setting:

is all of your user use DHCP IP from your MT or you gave them a static IP range? If you give your user DHCP IP from your MT OS then you can use MAC binding option in your dhcp server option, or if you give them any static IP then you can make their MAC address as static only in ARP list. every ethernet card which is connected to your MT that MAC must be shown in your ARP list, you have to list all of your clients MAC address and make their MAC as static only on his or her given Static IP address. And you have to monitor your network carfully about your BAD users who are changing their mac and IP as an another user, I think the best idea is to know your clients, if they caught by you then you can take some action about them.
Torch is another useful tools in the MT to watch all the IPs that what it's coming from and where it's going.

Regards
 
User avatar
navibaghdad
newbie
Posts: 27
Joined: Mon Oct 09, 2006 5:38 pm

Re: Salam (I Need Help)

Wed Sep 05, 2007 11:25 pm

Dear hulk-bd,
thanks for your reply but sorry its not the solution for this problem cause the hacker will use the same ip and mac of the authorized client so the MK os will never recognize him as a good or bad one,
Btw can we close all the ports of ip scan programs and discover the ip and mac of the hacker and binding him ? I think there is an solution to this problem without using encryption.

Regards
 
iraqi
just joined
Topic Author
Posts: 6
Joined: Wed Sep 05, 2007 12:06 pm

Re: Salam (I Need Help)

Thu Sep 06, 2007 11:34 am

Dear Brother,
Salam to you also.

I have faced the same problem in my network too, ok I have some question about your MT setting:

is all of your user use DHCP IP from your MT or you gave them a static IP range? If you give your user DHCP IP from your MT OS then you can use MAC binding option in your dhcp server option, or if you give them any static IP then you can make their MAC address as static only in ARP list. every ethernet card which is connected to your MT that MAC must be shown in your ARP list, you have to list all of your clients MAC address and make their MAC as static only on his or her given Static IP address. And you have to monitor your network carfully about your BAD users who are changing their mac and IP as an another user, I think the best idea is to know your clients, if they caught by you then you can take some action about them.
Torch is another useful tools in the MT to watch all the IPs that what it's coming from and where it's going.

Regards
salam alekom

Dear Mr.
Tank for your interesting in my problem
I do that and face the same problem when anyone takes a test and so many roads.
I read in another topics about VLAN do any one any ideas about this option

Regard
 
abab_rafiq
Member Candidate
Member Candidate
Posts: 120
Joined: Thu Aug 24, 2006 12:47 pm
Location: Dhaka

Re: Salam (I Need Help)

Thu Sep 06, 2007 12:02 pm

Why don't you use PPPoE server, where only user name and password is all over. You just specify fixed IP address to your user.

http://www.mikrotik.com/testdocs/ros/2. ... /pppoe.php

Rafiq...
 
User avatar
hulk-bd
Member Candidate
Member Candidate
Posts: 227
Joined: Mon Sep 03, 2007 7:19 pm
Location: Uttara, Dhaka, Bangladesh

Re: Salam (I Need Help)

Thu Sep 06, 2007 2:33 pm

Dear Mr.abab_rafiq

Yes this is another good solution for that kind of problem, you can use PPPOE option with radius and user manager. I already running a PPPOE setting using radius and user manager beside my static IP user at a time and on the same local interface in my MT OS. The main advantage of the PPPOE is you don't have to put any IP configuration on the client side just have to install the PPPOE protocol on the client ethernet and make a dailup on client side to put his/her user name and pass to logon to your MT to browse the Net.
 
iraqi
just joined
Topic Author
Posts: 6
Joined: Wed Sep 05, 2007 12:06 pm

Re: Salam (I Need Help)

Mon Sep 10, 2007 11:22 am

Dear Mr.abab_rafiq

Yes this is another good solution for that kind of problem, you can use PPPOE option with radius and user manager. I already running a PPPOE setting using radius and user manager beside my static IP user at a time and on the same local interface in my MT OS. The main advantage of the PPPOE is you don't have to put any IP configuration on the client side just have to install the PPPOE protocol on the client ethernet and make a dailup on client side to put his/her user name and pass to logon to your MT to browse the Net.

Dear Mr.

The PPoe is good solution but here in iraq we dont have orginal access point so all the access point that we use made in china and if i use the ppoe i must close the center

regard,
 
pokeman
Member Candidate
Member Candidate
Posts: 136
Joined: Fri Jun 05, 2009 10:52 pm

Re: Salam (I Need Help)

Mon Sep 10, 2007 12:35 pm

salam
I have a Mikrotik Router
Some people have a program that is scan all the Mac and Ip's that connect with my network.
So the hacker change his Mac and Ip same as my clients and then receive the internet directly.
I am trying Avery thing I know it like fixed the Mac with the user name and password and can not solve this problem.

So if any one can take my hand to peace land help me.

I am sorry to my English language.

Regard
:( :( :( :( :( :( :( :( :(
The based on arp logic the arp request is dynamic and lan clients are listen easily. So u first static your client to set your MT arp static you can also build application to set your client arp. Then set your MT local lan card setting in interface select your lan in general tab listed arp and select disable . then go to your dhcp server setting and click the option “add arp for leases “ .
 
User avatar
samsoft08
Long time Member
Long time Member
Posts: 617
Joined: Sat Nov 26, 2005 10:52 pm

Re: Salam (I Need Help)

Wed Sep 26, 2007 4:38 am

i dont know whts the relation between china and pppoe ? even in the USA they are using chineess products !!!!
in IRAQ now many WISP turn thier networks to PPPOE instead of hotspots to avoid this problem ..

Who is online

Users browsing this forum: No registered users and 84 guests