monaro
newbie
Topic Author
Posts: 33
Joined: Wed Feb 07, 2007 10:05 pm

Block User By Hostname

Fri Sep 28, 2007 9:34 am

How do we block a user by PC hostname? Since the DHCP lease shows the PC name, how do I block based on that hostname?
 
sariao
Frequent Visitor
Posts: 93
Joined: Thu Jul 08, 2004 10:55 am
Location: Saudi Arabia

Re: Block User By Hostname

Fri Sep 28, 2007 1:59 pm

Why do you want to do that anyway?! This is not practical at all, since the user can change his computer name.
Tell me what your scenario is; maybe we can find some other ways.

Regards.
 
jarosoup
Long time Member
Posts: 600
Joined: Sun Aug 22, 2004 9:02 am

Re: Block User By Hostname

Sat Sep 29, 2007 1:52 am

I can think of one: Users "in the know" that are getting around the trial of a Mikrotik hotspot by changing their MAC address every time their session expires. This way, a user can abuse free trial time forever and never have to pay for access (if this is how the network is set up). Typically, but not always, these types of users can often be identified by the DHCP lease table as you'll find anywhere from 5-50 leases for the same person, each with a different MAC (sometimes just incremented) but the same hostname. I have seen this a lot lately. Sometimes they are so persistent that they can consume all remaining leases available in the pool.

So, by identifying and controlling a client based on the hostname, the user can further be hindered. But, as stated, all they then have to do is change their hostname. The only way I have found to control these abusers is to make the free so painful that it isn't worth their time - sometimes contracts don't allow this though. You can certainly pick apart their traffic and block specifics too, but you risk interfering with paying customers and other users. It only takes a few to ruin it for everyone...

If this isn't why the OP was asking, never mind. It's still a huge concern for those trying to offer free & paid services in the public space without getting abused. I don't want to hijack the thread, but would certainly like to hear from anyone who might have suggestions for controlling this.
 
littlecake
just joined
Posts: 21
Joined: Sun Jun 04, 2006 8:56 pm

Re: Block User By Hostname

Tue Feb 19, 2008 11:31 pm

I have the same problem: in the user list on the hotspot I have trial users like 0A:0A:0A:0A:64:22, 0A:0A:0A:0A:64:33, 0A:0A:0A:0A:64:32...
but only the active host name is the same.

For some people it is easy to change the MAC, but it is not easy to change the computer name without rebooting Win
 
roland
newbie
Posts: 43
Joined: Sat Jan 22, 2005 12:03 pm
Location: Thailand

Re: Block User By Hostname

Sat May 24, 2008 9:48 pm

Well, it took me a while, but I found a solution and it works for me:
it finds the computer name (and its IP) in the DHCP table.
I run the script in a scheduler. Many extensions are possible:
counting the DHCP entries per host, and if >2 remove them... etc. etc.



# add the bad names here in a list
:local hosts "pcname1","pcname2"

:foreach host in=$hosts do={
  :foreach i in=[/ip dhcp-server lease find host-name=$host] do={
    :local ipnum [/ip dhcp-server lease get $i address]
    :local unum [/ip hotspot active find address=$ipnum]
    # skip leases that have no active hotspot session
    :if ([:len $unum] > 0) do={
      :local usr [/ip hotspot active get $unum user]
      :log info ($host . " " . $ipnum . " " . $usr)
      # uncomment the next line if you want to kick them out right now
      #/ip hotspot active remove $unum
      # other things can be done now with the identified IP and USER
    }
  }
}
 
littlecake
just joined
Posts: 21
Joined: Sun Jun 04, 2006 8:56 pm

Re: Block User By Hostname

Sat May 31, 2008 12:49 pm

Wow, it's great! :) Please, do you know how to make "if >2 remove them..."? I am not so good a programmer of scripts..
 
roland
newbie
Posts: 43
Joined: Sat Jan 22, 2005 12:03 pm
Location: Thailand

Re: Block User By Hostname

Sat May 31, 2008 5:03 pm

As requested, here is the "extended version", copied from my other post:


We had similar MAC cloning on our hotspots, especially because we also use/offer the TRIAL feature ('free' for a few minutes per day). It is impossible to see a difference between real and fake MACs, however each time they change the MAC, they get a new IP from our DHCP, and a new entry in our DHCP table with their hostname.

So, the hacker most likely is about to produce multiple, hostname-identical DHCP traces.

I made two scripts. Script-A is COUNTING same-hostnames in the DHCP table.
Given the fact that maybe 2 people have same hostname and connect at the same time, we set the 'possible-hack-limit' to >2 same-hostnames.
The script writes a global variable of list type ("hacklist"), which holds the identified hostnames. The scheduler updates the list (runs the script) every 2 minutes.

Script-B (runs every 20 seconds) uses the global hacklist, gets the IP per host from the DHCP table, scans the hotspot active users and kicks out those IPs.

After changing the MAC address 2 times, the hacker gets 20 sec of access at most.
I know that the hostname can be changed easily... however, it usually requires a PC restart. Our hackers are all gone.
===================
script-A: (run every few minutes)
:local hosts [/ip dhcp-server lease find]
:local pcname "X"
:local pcnum 0
:global hacklist ""
# collect every non-empty host-name from the lease table
:foreach h in=$hosts do={
  :local host [/ip dhcp-server lease get $h host-name]
  :if ([:len $host] > 0) do={
    :set pcname ($pcname . "," . $host)
    :set pcnum ($pcnum + 1)
  }
}
# count how often each name occurs; more than 2 puts it on the hacklist
:foreach h in=$pcname do={
  :local hh 0
  :if (!([:find $hacklist $h] >= 0)) do={
    :foreach k in=$pcname do={ :if ($k = $h) do={ :set hh ($hh + 1) } }
    :if ($hh > 2) do={
      :if ([:len $hacklist] > 0) do={ :set hacklist ($hacklist . "," . $h) } else={ :set hacklist $h }
    }
  }
}

# monitor results in logfile once an hour
# ($switch is not defined anywhere in this post)
:local timer [:pick [/system clock get time] 3 5]
:if (($switch > 0) || ($timer >= "58")) do={
  :log warning ("New Hacklist: " . $hacklist)
}

=======================
script-B (runs every 20 seconds)
# use global hacklist variable
#:log info ($hacklist)
:foreach host in=$hacklist do={
  :foreach i in=[/ip dhcp-server lease find host-name=$host] do={
    :local ipnum [/ip dhcp-server lease get $i address]
    :local unum [/ip hotspot active find address=$ipnum]
    # only act when the leased IP has an active hotspot session
    :if ([:len $unum] > 0) do={
      :local usr [/ip hotspot active get $unum user]
      :log warning ($host . " " . $ipnum . " " . $usr)
      # next line kicks them out right now, could also check pppoe
      /ip hotspot active remove $unum
      # other things can be done now with the identified IP and USER
    }
  }
}

================
PS: it is advisable to force people to DHCP and disable the universalPnP in hotspot.
Hope it helps. It does in our case.
 
littlecake
just joined
Posts: 21
Joined: Sun Jun 04, 2006 8:56 pm

Re: Block User By Hostname

Sat May 31, 2008 6:26 pm

Thank you, it was a very quick reaction :)
Does someone know how to translate this script to V3 RouterOS?
 
roland
newbie
Posts: 43
Joined: Sat Jan 22, 2005 12:03 pm
Location: Thailand

Re: Block User By Hostname

Sat May 31, 2008 10:05 pm

I forgot to mention, the script runs on 2.9.50 (haven't tested on V3).
Regarding the 'force' DHCP: in case someone fixes his IP into the range of the DHCP server, the second script could be extended to check whether all authenticated users in the hotspot also have a DHCP entry. (This is fairly easy.)
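
The counting rule from the posts above (more than 2 leases sharing a hostname) together with the "every active user must also have a DHCP entry" check, as an added Python example for offline analysis of an exported lease table; it is not code from this thread and not RouterOS script. The lease and session tuples are constructed sample data, the function names are hypothetical, and the example counts distinct MACs per hostname rather than lease rows.

```python
from collections import defaultdict

# Constructed sample data (not from the thread): (mac, ip, hostname) per DHCP lease.
LEASES = [
    ("0A:0A:0A:0A:64:22", "10.5.50.11", "pcname1"),
    ("0A:0A:0A:0A:64:23", "10.5.50.12", "PCNAME1"),
    ("0A:0A:0A:0A:64:24", "10.5.50.13", "pcname1"),
    ("00:11:22:33:44:55", "10.5.50.20", "laptop-a"),
    ("00:11:22:33:44:66", "10.5.50.21", "laptop-a"),  # two real users sharing a name
    ("00:AA:BB:CC:DD:01", "10.5.50.30", ""),          # client sent no hostname
]
# Constructed hotspot active sessions: (ip, user).
ACTIVE = [("10.5.50.12", "trial-1"), ("10.5.50.20", "alice"), ("10.5.50.99", "bob")]
LIMIT = 2  # flag a hostname only when it appears with more than 2 MACs

def norm(host):
    return host.strip().lower()

def build_hacklist(leases, limit=LIMIT):
    """Map each flagged hostname to the sorted integer MACs it was leased with."""
    macs = defaultdict(set)
    for mac, _ip, host in leases:
        if norm(host):  # empty hostnames are never grouped together
            macs[norm(host)].add(int(mac.replace(":", ""), 16))
    return {h: sorted(m) for h, m in macs.items() if len(m) > limit}

def incremented(mac_ints):
    """True when the MACs are consecutive values, i.e. "just incremented"."""
    return all(b - a == 1 for a, b in zip(mac_ints, mac_ints[1:]))

def sessions_to_kick(leases, active, hacklist):
    """Active sessions whose IP is leased to a flagged hostname."""
    flagged = {ip for _mac, ip, host in leases if norm(host) in hacklist}
    return [s for s in active if s[0] in flagged]

def sessions_without_lease(leases, active):
    """Active sessions with no DHCP lease at all (manually configured IP)."""
    leased = {ip for _mac, ip, _host in leases}
    return [s for s in active if s[0] not in leased]

if __name__ == "__main__":
    hacklist = build_hacklist(LEASES)
    for host, macs in hacklist.items():
        print(host, len(macs), "MACs, incremented:", incremented(macs))
    print("kick:", sessions_to_kick(LEASES, ACTIVE, hacklist))
    print("no lease:", sessions_without_lease(LEASES, ACTIVE))
```

Hostnames are compared whole and case-insensitively, so a short name never matches inside a longer one, and the two "laptop-a" leases stay below the limit.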
 
mobilexpert
just joined
Posts: 10
Joined: Mon May 04, 2009 3:12 am

Re: Block User By Hostname

Mon May 04, 2009 3:23 am

@roland

Really great, but I have one request, if possible;
it's about the first script ...

Can you be so kind as to add to the first script,
if I enter a host name manually, for the script to:
- find the host's mac-address ... I dunno how to 'script it'
- add to ip-binding as blocked
/ip hotspot ip-binding add mac-address=$host type=blocked server=all
- remove it from dhcp leases too

Actually ... I don't need a complex script like the second one,
I just need to add cloners' host-names to the list manually,
and the script should do what it does + bind them as blocked + remove them from the dhcp leases.

That's all.

Thanks in advance.

b.r.
Alexandar
 
hothefa
just joined
Posts: 2
Joined: Mon Jun 08, 2009 2:01 pm

Re: Block User By Hostname

Wed Jun 10, 2009 7:06 pm

Hello
Thank you for this effort to the work of the excellent script for the expulsion of the pirates Can I
Youth Action Script for the expulsion of the pirates when trying to enter the work Pmakin Michabhain Ebbi different script to give each Mac and be the basis for the adoption of the name of the script block of the computer operates a pirate
Thank you for all
 
hothefa
just joined
Posts: 2
Joined: Mon Jun 08, 2009 2:01 pm

Re: Block User By Hostname

Mon Jun 22, 2009 5:51 pm

Hello young people how the case :( Mr. roland possible to help you
I asked you and did not respond to a request regarding a Script If McCann gives similar ip Mac so that we can get rid of the pirate I am waiting for your responses
:?
 
Robinson
Frequent Visitor
Posts: 81
Joined: Tue Nov 10, 2009 7:30 pm

Re: Block User By Hostname

Sat Nov 14, 2009 1:31 pm

Can someone tell why this script can't work on ROS 3.x?

Please help

RESOLVED at http://forum.mikrotik.com/viewtopic.php?f=2&t=36864
 
sabbir4all
just joined
Posts: 2
Joined: Fri Mar 12, 2010 12:27 am

Re: Block User By Hostname

Fri Mar 12, 2010 12:32 am

Hello there,
I am using static IP addresses for my clients, which are bound to MAC addresses. Some of my clients clone another client's IP and MAC address. That's why I want to bind IP addresses with MAC and hostname. Is it possible? Please help me.
 
wfk
just joined
Posts: 2
Joined: Fri Nov 30, 2012 3:09 am

Re: Block User By Hostname

Tue Dec 04, 2012 1:35 am

ok but if the hacker set his ip manually his pc will not appear in ur dhcp and u will not find his pc's hostname
 
Robinson
Frequent Visitor
Posts: 81
Joined: Tue Nov 10, 2009 7:30 pm

Re: Block User By Hostname

Thu Dec 06, 2012 9:40 am

ok but if the hacker set his ip manually his pc will not appear in ur dhcp and u will not find his pc's hostname
Then there is the option in the hotspot user profile to set up one session for the same user (MAC address)... There is no solution that works 100%, but we can make a headache for the hacker. ;-)
 
Robinson
Frequent Visitor
Posts: 81
Joined: Tue Nov 10, 2009 7:30 pm

Re: Block User By Hostname

Thu Jan 24, 2013 10:42 pm

ok but if the hacker set his ip manually his pc will not appear in ur dhcp and u will not find his pc's hostname
From mikrotik wiki http://wiki.mikrotik.com/wiki/How_to_bl ... e_firewall
 
SK1
just joined
Posts: 2
Joined: Sun Jan 14, 2018 6:34 am

Re: Block User By Hostname

Wed Jan 17, 2018 10:37 am

I need a script that will block Android where the Active Host name is like "android-7cc31b89ff69826a". Usually all need to be dropped when Android is found as the host name, but sometimes I need to allow some Android from the DHCP server. Please help.
 
newuser69
just joined
Posts: 18
Joined: Mon Feb 06, 2017 6:16 am

Re: Block User By Hostname

Thu Jan 18, 2018 1:22 am

I need a script that will block Android where the Active Host name is like "android-7cc31b89ff69826a". Usually all need to be dropped when Android is found as the host name, but sometimes I need to allow some Android from the DHCP server. Please help.
This is a way to block a hostname from getting an IP address:
viewtopic.php?f=2&t=129661&p=637062#p637062
 
SK1
just joined
Posts: 2
Joined: Sun Jan 14, 2018 6:34 am

Re: Block User By Hostname

Thu Jan 18, 2018 6:36 am

I need a script that will block Android where the Active Host name is like "android-7cc31b89ff69826a". Usually all need to be dropped when Android is found as the host name, but sometimes I need to allow some Android from the DHCP server. Please help.
This is a way to block a hostname from getting an IP address:
viewtopic.php?f=2&t=129661&p=637062#p637062
Sorry, I am not an advanced user. Please explain it to me in detail. Thanks a lot for your kind help.
 
alnasseb
just joined
Posts: 1
Joined: Sat Jan 20, 2018 10:42 am

Re: Block User By Hostname

Sat Jan 20, 2018 2:59 pm

Please clarify me in details.
