tevolo
Member Candidate
Topic Author
Posts: 114
Joined: Sun Mar 29, 2009 8:39 pm

PPPoE - Prevent Failed PPP Calls

Wed Feb 22, 2012 11:06 pm

Our logs are going crazy with a few different attempts to log in to the PPP service via radius, but radius denies because their PPP account is wrong.
In our case, this is probably somebody with our modem that set it up wrong. The problem is that I can only seem to track it via MAC address.

I want to disable these PPP calls from our routing processing them or even hitting our Radius, so I can clear the logs and also so our Radius server isn't hit with multiple requests every second.

How can I block this?
2012.02.22-14:50:45 <172.16.50.1>: pppoe,info PPP-: PPPoE connection established from 00:E9:0A:91:52:D1
2012.02.22-14:50:45 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: waiting for call...
2012.02.22-14:50:46 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-1>: terminating... - user admin authentication failed
2012.02.22-14:50:46 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-1>: disconnected
2012.02.22-14:50:46 <172.16.50.1>: pppoe,info PPP-: PPPoE connection established from 00:E9:08:91:52:6A
2012.02.22-14:50:46 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-1>: waiting for call...
2012.02.22-14:50:46 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: terminating... - user versace authentication failed
2012.02.22-14:50:46 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: disconnected
2012.02.22-14:50:46 <172.16.50.1>: pppoe,info PPP-: PPPoE connection established from 00:E9:0A:91:52:D1
2012.02.22-14:50:46 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: waiting for call...
2012.02.22-14:50:48 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-1>: terminating... - user admin authentication failed
2012.02.22-14:50:48 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-1>: disconnected
2012.02.22-14:50:48 <172.16.50.1>: pppoe,info PPP-: PPPoE connection established from 00:E9:08:91:52:6A
2012.02.22-14:50:48 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-1>: waiting for call...
2012.02.22-14:50:48 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: terminating... - user versace authentication failed
2012.02.22-14:50:48 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: disconnected
2012.02.22-14:50:48 <172.16.50.1>: pppoe,info PPP-: PPPoE connection established from 00:E9:0A:91:52:D1
2012.02.22-14:50:48 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: waiting for call...
2012.02.22-14:50:48 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: terminating...
2012.02.22-14:50:48 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: disconnected
2012.02.22-14:50:49 <172.16.50.1>: pppoe,info PPP-: PPPoE connection established from 00:E9:0A:91:52:D1
2012.02.22-14:50:49 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: waiting for call...
2012.02.22-14:50:49 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-1>: terminating... - user admin authentication failed
2012.02.22-14:50:49 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-1>: disconnected
2012.02.22-14:50:49 <172.16.50.1>: pppoe,info PPP-: PPPoE connection established from 00:E9:08:91:52:6A
2012.02.22-14:50:49 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-1>: waiting for call...
2012.02.22-14:50:51 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-1>: terminating... - user admin authentication failed
2012.02.22-14:50:51 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-1>: disconnected
2012.02.22-14:50:51 <172.16.50.1>: pppoe,info PPP-: PPPoE connection established from 00:E9:08:91:52:6A
2012.02.22-14:50:51 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-1>: waiting for call...
etc.
etc.


THANKS 8)
 
tevolo
Member Candidate
Topic Author
Posts: 114
Joined: Sun Mar 29, 2009 8:39 pm

Re: PPPoE - Prevent Failed PPP Calls

Thu Feb 23, 2012 4:56 pm

Seems like these forum posts relate to this question, but nobody has received an answer.
http://forum.mikrotik.com/viewtopic.php ... er#p292954
http://forum.mikrotik.com/viewtopic.php ... pppoe+user

Would a firewall rule block this from happening even though they don't even have an established connection?
 
mmmigoro
newbie
Posts: 39
Joined: Mon Feb 14, 2011 3:48 pm
Location: PRAHOVA, Romania

Re: PPPoE - Prevent Failed PPP Calls

Thu Feb 23, 2012 9:15 pm

One solution is to use a managed layer 2 switch before MT to temporarily filter that MAC address.
 
tevolo
Member Candidate
Topic Author
Posts: 114
Joined: Sun Mar 29, 2009 8:39 pm

Re: PPPoE - Prevent Failed PPP Calls

Thu Feb 23, 2012 10:44 pm

Unfortunately, after speaking with HP about our 1810G ProCurve, this is not possible.

There has to be a PPP setting to block calls based on a MAC address, right?
If not, there should be something implemented that could allow it the same way you can deny wifi connections in Mikrotik based on MAC in the Connect List.
 
angboontiong
Forum Guru
Posts: 1115
Joined: Fri Jan 16, 2009 9:59 am

Re: PPPoE - Prevent Failed PPP Calls

Wed Jun 06, 2012 6:51 am

Hi...

I experienced this today as well...
it makes me crazy...

Mikrotik, any solution for this?
or we just leave it that way...

thanks....
 
Caci99
Forum Guru
Posts: 1071
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane

Re: PPPoE - Prevent Failed PPP Calls

Wed Jun 06, 2012 1:42 pm

You could try to specify the caller-id in the secret of the user, although I suspect it is going to cause more headaches :)
http://wiki.mikrotik.com/wiki/Manual:PP ... operties_2
-Toni-
Don't crash the ambulance, whatever you do
 
hedele
Member
Posts: 338
Joined: Tue Feb 24, 2009 11:23 pm

Re: PPPoE - Prevent Failed PPP Calls

Wed Jun 06, 2012 4:50 pm

I don't understand what's so difficult in filtering somebody based on mac :)
Make your PPPoE server run on a bridge interface, and use bridge filters on input chain to temporarily block MAC addresses.
 
angboontiong
Forum Guru
Posts: 1115
Joined: Fri Jan 16, 2009 9:59 am

Re: PPPoE - Prevent Failed PPP Calls

Wed Jun 06, 2012 6:29 pm

> I don't understand what's so difficult in filtering somebody based on mac :)
> Make your PPPoE server run on a bridge interface, and use bridge filters on input chain to temporarily block MAC addresses.

Hi...
if you are the system, you will find this "fellow" is using some software; it will change the MAC address and try a new ID to access...
it changes every 1 second, thus, you are not able to drop it...

and this is on PPPoE, not normal DHCP; with normal DHCP, yes, it can be done in a very straightforward way...

but the caller ID is <pppoe-0>, <pppoe-1>, <pppoe-2>, which there is no way to block, thus I was looking for more experts who can guide us to a better solution...
 
tevolo
Member Candidate
Topic Author
Posts: 114
Joined: Sun Mar 29, 2009 8:39 pm

Re: PPPoE - Prevent Failed PPP Calls

Tue Sep 18, 2012 5:17 am

I simply want to block it by the MAC address per the caller-id or the username they are trying to authenticate with if anybody has a clue how to do this?

Block either the MAC: 00:E9:0A:91:52:D1 or user Versace so it doesn't hit the router 30000 a day?
2012.02.22-14:50:48 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: terminating... - user versace authentication failed
2012.02.22-14:50:48 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: disconnected
2012.02.22-14:50:48 <172.16.50.1>: pppoe,info PPP-: PPPoE connection established from 00:E9:0A:91:52:D1
2012.02.22-14:50:48 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: waiting for call...
2012.02.22-14:50:48 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: terminating...
2012.02.22-14:50:48 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: disconnected
2012.02.22-14:50:49 <172.16.50.1>: pppoe,info PPP-: PPPoE connection established from 00:E9:0A:91:52:D1
 
toolate
just joined
Posts: 5
Joined: Tue Nov 22, 2005 6:55 pm

Re: PPPoE - Prevent Failed PPP Calls

Tue Oct 02, 2012 9:07 pm

> I simply want to block it by the MAC address per the caller-id or the username they are trying to authenticate with if anybody has a clue how to do this?
>
> Block either the MAC: 00:E9:0A:91:52:D1 or user Versace so it doesn't hit the router 30000 a day?
> 2012.02.22-14:50:48 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: terminating... - user versace authentication failed
> 2012.02.22-14:50:48 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: disconnected
> 2012.02.22-14:50:48 <172.16.50.1>: pppoe,info PPP-: PPPoE connection established from 00:E9:0A:91:52:D1
> 2012.02.22-14:50:48 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: waiting for call...
> 2012.02.22-14:50:48 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: terminating...
> 2012.02.22-14:50:48 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: disconnected
> 2012.02.22-14:50:49 <172.16.50.1>: pppoe,info PPP-: PPPoE connection established from 00:E9:0A:91:52:D1

Simply place your PPPoE interface in a bridge by itself. Now you can use a bridge filter rule to block the MAC address before it gets to the PPPoE server.
/interface bridge filter
add action=drop chain=input comment="Block User MAC Address" disabled=no in-interface=<your interface> src-mac-address=00:E9:0A:91:52:D1/FF:FF:FF:FF:FF:FF
Note that you will have to update the PPPoE Service to use the new bridge interface after you have added the port to the bridge. This will also disconnect any existing PPPoE sessions. Don't forget to update any firewall rules you may have as well.

This works for me on RB1100 with 5.14.

HTH

-Todd
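
Added example (not written by any poster in this thread): Python that pairs each "PPPoE connection established from <MAC>" line with the <pppoe-N> interface named on the following "waiting for call..." line, counts authentication failures per MAC, and renders bridge filter rules with the same match fields as the rule above. The pairing rule is an assumption read off the log ordering in the first post; the function names and the threshold are hypothetical.

```python
import re
from collections import Counter

# Excerpt of the log from the first post ("disconnected" lines omitted).
SAMPLE_LOG = """\
2012.02.22-14:50:45 <172.16.50.1>: pppoe,info PPP-: PPPoE connection established from 00:E9:0A:91:52:D1
2012.02.22-14:50:45 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: waiting for call...
2012.02.22-14:50:46 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-1>: terminating... - user admin authentication failed
2012.02.22-14:50:46 <172.16.50.1>: pppoe,info PPP-: PPPoE connection established from 00:E9:08:91:52:6A
2012.02.22-14:50:46 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-1>: waiting for call...
2012.02.22-14:50:46 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: terminating... - user versace authentication failed
2012.02.22-14:50:46 <172.16.50.1>: pppoe,info PPP-: PPPoE connection established from 00:E9:0A:91:52:D1
2012.02.22-14:50:46 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: waiting for call...
2012.02.22-14:50:48 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-1>: terminating... - user admin authentication failed
2012.02.22-14:50:48 <172.16.50.1>: pppoe,info PPP-: PPPoE connection established from 00:E9:08:91:52:6A
2012.02.22-14:50:48 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-1>: waiting for call...
2012.02.22-14:50:48 <172.16.50.1>: pppoe,ppp,info PPP-: <pppoe-0>: terminating... - user versace authentication failed
"""

EST = re.compile(r"connection established from ((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})")
WAIT = re.compile(r"<(pppoe-\d+)>: waiting for call")
FAIL = re.compile(r"<(pppoe-\d+)>: terminating\.\.\. - user (\S+) authentication failed")

def failures_by_mac(log_text):
    """Count failed logins per (MAC, user). Assumption: the 'waiting for call'
    line after an 'established' line names the interface given to that MAC."""
    pending, iface_mac, failures = None, {}, Counter()
    for line in log_text.splitlines():
        if m := EST.search(line):
            pending = m.group(1).upper()
        elif (m := WAIT.search(line)) and pending:
            # Bind the interface to the MAC just seen, then clear the pending MAC.
            iface_mac[m.group(1)], pending = pending, None
        elif m := FAIL.search(line):
            mac = iface_mac.get(m.group(1))
            if mac:  # session opened before the excerpt: cannot attribute
                failures[(mac, m.group(2))] += 1
    return failures

def drop_rules(failures, threshold, in_interface="<your interface>"):
    """Render one bridge filter drop rule per MAC with >= threshold failures."""
    per_mac = Counter()
    for (mac, _user), count in failures.items():
        per_mac[mac] += count
    return [f"add action=drop chain=input in-interface={in_interface} "
            f"src-mac-address={mac}/FF:FF:FF:FF:FF:FF"
            for mac, count in sorted(per_mac.items()) if count >= threshold]

if __name__ == "__main__":
    print("\n".join(drop_rules(failures_by_mac(SAMPLE_LOG), threshold=2)))
```

The printed lines go under /interface bridge filter with the placeholder interface filled in. If the client changes its MAC on every attempt, as described earlier in the thread, each MAC stays under the threshold and no rule is produced.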
 
ajmal
Frequent Visitor
Posts: 58
Joined: Mon Jan 31, 2005 8:38 pm
Location: IN

Re: PPPoE - Prevent Failed PPP Calls

Sun Jun 14, 2015 1:40 pm

As of now I did not find any concrete solution for this issue, but I am preventing it by creating an ACL rule to prevent PADI requests for a specific MAC.
