mardawe
just joined
Topic Author
Posts: 17
Joined: Wed Mar 14, 2012 10:31 pm

bad hosts help ...

Sat Mar 08, 2014 5:44 pm

Hello everyone ..
I have a 5.25 PC MikroTik .. and there are a lot of annoying people who are trying to
log in to my hotspot with different usernames .. and it is really annoying .. and sometimes
they succeed in logging in .. so I will be thankful to you for any help,
something like blocking any MAC address for 24hrs if it tried to log in more than 5-7 times without success ...
Thanks in advance
MahmouD KhuffasH
PALESTINE

efaden
Forum Guru
Posts: 1711
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: bad hosts help ...

Sat Mar 08, 2014 5:52 pm

> Hello everyone ..
> I have a 5.25 PC MikroTik .. and there are a lot of annoying people who are trying to
> log in to my hotspot with different usernames .. and it is really annoying .. and sometimes
> they succeed in logging in .. so I will be thankful to you for any help,
> something like blocking any MAC address for 24hrs if it tried to log in more than 5-7 times without success ...
> Thanks in advance

Logging in to what? The admin stuff?... You really shouldn't just have ports open to the world.
 
mardawe
just joined
Topic Author
Posts: 17
Joined: Wed Mar 14, 2012 10:31 pm

Re: bad hosts help ...

Sat Mar 08, 2014 6:03 pm

Log in to my hotspot .. I mean as a user .. you know
MahmouD KhuffasH
PALESTINE

SurferTim
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: bad hosts help ...

Sat Mar 08, 2014 10:04 pm

I use FreeRADIUS for my database, and it has a brute force login deterrent. It allows the radius administrator to set a reject-delay value in the security section of the radiusd.conf file. The default value is 1. This means that only one request per user will be allowed per second; no matter how many are submitted during that second, all subsequent login requests during that second will be ignored.

The best way to discourage that is to require your users to use a password that is not guessable or simple. If a hacker is logging in with another user's password without the user's permission or knowledge, then the password was not complex enough or was broadcast in clear text over your wireless network. Do not use the pap login method unless you are using SSL on your hotspot login page.

I do not use SSL, but I do use chap, which encrypts the password only.
 
mardawe
just joined
Topic Author
Posts: 17
Joined: Wed Mar 14, 2012 10:31 pm

Re: bad hosts help ...

Sat Mar 08, 2014 11:09 pm

Thank you "SurferTim" .. but I have the MikroTik usermanager .. I was wondering if there are any rules to add in the firewall to manage such a thing ... I mean to put the hacker's MAC address in a special address list to get blocked for a couple of hrs after the hacker was trying to log in many times .... I guess I have seen something related to this one day ...

thanks >>
MahmouD KhuffasH
PALESTINE

SurferTim
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: bad hosts help ...

Sat Mar 08, 2014 11:25 pm

I have been known to block a radio from connecting to my AP using the radio mac address in "/interface wireless access-list", but that can be just temporary. If the hacker is good, he/she will just change the mac address and continue the attack.

If you have determined the hacker is using known usernames, he/she could be getting those by packet sniffing your wireless signal. The way around that is using an SSL certificate on your hotspot login page. That way everything is encrypted.
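
Added example, not part of any post in this thread and not MikroTik or FreeRADIUS code: the rule asked for in the opening post (block a MAC address for 24 hours once it has more than 5 failed hotspot logins), run over a login log. The log line layout, the 10-minute counting window and all function names are assumptions made for this sketch; the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log layout (an assumption, not RouterOS's own log format).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) mac=(?P<mac>[0-9A-Fa-f:]{17}) "
    r"user=(?P<user>\S+) login (?P<result>failed|ok)$")

# Constructed sample: one MAC guessing six usernames in six seconds, one user
# who mistypes once and then logs in, one MAC failing once an hour.
SAMPLE_LOG = [
    f"2014-03-08 17:00:{s:02d} mac=AA:BB:CC:00:00:01 user=guess{s} login failed"
    for s in range(6)
] + [
    "2014-03-08 17:01:00 mac=AA:BB:CC:00:00:02 user=alice login failed",
    "2014-03-08 17:01:30 mac=AA:BB:CC:00:00:02 user=alice login ok",
] + [
    f"2014-03-08 {h:02d}:00:00 mac=AA:BB:CC:00:00:03 user=bob login failed"
    for h in range(10, 16)
]

def find_blocks(lines, max_failures=5, window=timedelta(minutes=10),
                block_for=timedelta(hours=24)):
    """Return {mac: blocked_until} for MACs with more than max_failures in window."""
    recent = defaultdict(deque)  # mac -> timestamps of failures inside the window
    blocks = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["result"] != "failed":
            continue  # unparsable line or success; a success does NOT reset the count
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        mac = m["mac"].upper()
        if mac in blocks and ts < blocks[mac]:
            continue  # still inside an active block
        q = recent[mac]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # drop failures older than the window
        if len(q) > max_failures:
            blocks[mac] = ts + block_for
            q.clear()
    return blocks

def is_blocked(blocks, mac, now):
    """True while `now` falls before the MAC's block expiry."""
    until = blocks.get(mac.upper())
    return until is not None and now < until
```

Because the list is keyed by MAC address, it has the limit noted in the thread: a client that changes its MAC address starts with a fresh count.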
