
need to block host (don't know where it comes from)

Posted: Sat Jun 21, 2008 3:40 pm
by foffa
hello all

lately i saw a host appear in the hosts with a dynamic ip address

i don't know how an external ip came into my private network

the ip is 163.121.94.2

i don't know where it comes from, also it tries to log in by mac ?????!!!! also don't know why

can't trace, can't ping

can't block from my routers

i tried a lot and a lot

how to block that mac and ip from trying to log in by mac
and remove that ip from hosts
thanks in advance

Re: need to block host (don't know where it comes from)

Posted: Sat Jun 21, 2008 5:58 pm
by BuccaNET
To drop all packets coming to your router from that address:

/ip firewall filter add chain=input src-address=163.121.94.2 action=drop

However, that person can just change their IP and try again from a new IP. I don't think there is a way to block by MAC address. If not, that is a good suggestion.

If you are not using mac-telnet you can disable it.
/tool mac-server print
/tool mac-server disable 0
or
/tool mac-server remove 0

If you don't use static IPs on your network and only use dhcp, you can disable arp queries, but be sure to add add-arp to your dhcp.
/ip dhcp-server set <dhcp> add-arp=yes
/interface ethernet set Local arp=reply-only

You can also restrict connecting to the router to only your IP:
/ip firewall filter add chain=input src-address=<yourIP> action=accept
/ip firewall filter add chain=input action=drop
Be careful not to lock yourself out though, and you might want to set up a static MAC address mapping for your computer.

Cory

Re: need to block host (don't know where it comes from)

Posted: Sun Jun 22, 2008 11:01 am
by meconet
You can block mac-addresses in the bridge firewall ruleset.


Regards
Lutz

Re: need to block host (don't know where it comes from)

Posted: Sun Jun 22, 2008 7:14 pm
by foffa
13:37:20 hotspot,info,debug 00:1D:0F:E2:E3:D0 (10.0.0.7): login failed: invalid username or password
13:38:03 hotspot,info,debug 00:1D:0F:E2:E3:D0 (10.0.0.20): trying to log in by mac
13:38:03 hotspot,info,debug 00:1D:0F:E2:E3:D0 (10.0.0.20): login failed: invalid username or password

here is what i see in the log

also that mac address in the hosts window appears also with the ip 163.121.94.2

i did the rules you mentioned guys and also i am still having this issue ??!!!!!
HEEEEEEEEEELP

Re: need to block host (don't know where it comes from)

Posted: Sun Jun 22, 2008 7:46 pm
by meconet
Hm, first of all, this is the way an open HotSpot works. It's an open WLAN, but at the end you need credentials to use the infrastructure. So where is the problem? Because of the missing username/password, this user can't log in and use your HotSpot for internet access.

I believe if you exclude this mac, he will try to log in with another wlan card / mac.

There are different possibilities to secure this environment, but first of all you should think of all the changes if you secure the wlan. You will find how-tos in the manual.


Regards
Lutz

Re: need to block host (don't know where it comes from)

Posted: Sun Jun 22, 2008 8:23 pm
by foffa
this is not a wireless network at all

this network has 2 routers and 1 network and hotspot active, that is all

the main problem is that this mac always tries to log in by mac

sometimes it uses other users' ip !!!!!

this causes the user to hang :S

any suggestions

Re: need to block host (don't know where it comes from)

Posted: Mon Jun 23, 2008 5:24 pm
by BuccaNET
OK I think I found it. If you really want to drop this user's MAC.

/ip firewall filter add chain=input action=drop src-mac-address=00:1D:0F:E2:E3:D0 \
comment="Drop connections to the router"

/ip firewall filter add chain=forward action=drop src-mac-address=00:1D:0F:E2:E3:D0 \
comment="Drop connections through the router"

But then he can just spoof another MAC address (if he knows how) and keep trying.