I'm anew user of mikrotik ,and i have the same problem
i think the MAC address in not unique it can change easily
so ,is any way that we can make relation between the mikrotik and the client processor id??
my scenario is that..
1- the login page in hotspot must contain block of code that reads the client processor id and store it in a table like this (client ip ,client MAC ,client processor id) and call it for example client table and integrate it with user options '/ip/hotspot/users' in order tp modify it if needed
2- the firewall check every packet with its client table if any difference drop the packet
3- create a new page called "intruder page" appear only for the hacker describe why disconnected
4-create "black list " contains processor id for the hackers always check this list To track hackers .
is it possible ????
thanks a lot...
Yes, this is a great idea. Start implementing it.
First thing to do: change security on all web browsers so that the hotspot webpage can actully ccess security and identity relevant information like client mac, client processor id etc. Start talking to the major vendors here.
Secnod thing to do: change the IP protocol to actually embed information about client mac and client processor id in every packet. Obviously the people were not smart enough to foresee that - not even in ipv6 - so you need to talk to them and all the vendors implementing ip stacks to implement that. Naturally thre wil lbe a small performance drop (double packet size for stuff like voip) but then who cares.
Reality check: do use approaches already there.
Reality check: 350 USD for a larger securing switch is not "expensive", it is cheap. It is less than the price of a decent high end network card for servers. No, you can not get most higher end equipment for pennies.
Get decent switches and access points. This needs, as has been repeatedly said, to be stopped at the network edge. Not by funny ramblings about how you should collect processor id etc. which simply are so out of reality it is not even funny.
And somewhere on the way, as has also been suggested, consider reading a book or two on the subject.