Community discussions

MikroTik App
 
jihadalshaiba
just joined
Topic Author
Posts: 3
Joined: Sun Jul 20, 2014 2:31 am

Block app from google play

Sun Dec 10, 2017 6:44 pm

how I can Block NetCut, mac changer from google play..... please help me
 
User avatar
cdiedrich
Forum Veteran
Forum Veteran
Posts: 997
Joined: Thu Feb 13, 2014 2:03 pm
Location: Basel, Switzerland // Bremen, Germany
Contact:

Re: Block app from google play

Sun Dec 10, 2017 10:36 pm

In which environment?
It's really hard if not impossible to make NetCut totally unusable.

If you're talking about a HostSpot (which I presume), the easiest steps would be:

- disbale client-to-client forwarding on the APSs
- add all guest-facing interfaces with the same bridge horizon to your HotSpot bridge
- hand out random /32 addresses and have one-to-one NAT do the rest.

That will definitely make it hard for the guys using Net Cut.
-Chris
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 551
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: Block app from google play

Mon Dec 11, 2017 4:23 pm

hand out random /32
how do you manage that?


I absolutely agree on all other points, I usually would add:
- set proxy-arp to reply only on hotspot interface and set dhcp to add arp for leases
 
User avatar
cdiedrich
Forum Veteran
Forum Veteran
Posts: 997
Joined: Thu Feb 13, 2014 2:03 pm
Location: Basel, Switzerland // Bremen, Germany
Contact:

Re: Block app from google play

Mon Dec 11, 2017 4:38 pm

That's a bit of an effort. Once.
Just create a pool per address and define a next-pool which then contains a totally different address. (like 1.2.3.4 ; 97.99.11.32 ; 120.254.244.13 etc...) From my experience, a couple of subscriber subnets from foreign ISPs are perfectly suited for gatherig random addresses that won't conflict with internet addresses that might be needed.
Define the /32 mask in your dhcp-server network definition.
Create a real pool for 1to1 NAT.

Since 1to1 NAT needs full ARP, I didn't suggest to set ARP to reply-only and dhcp-add (which is a good idea as well when not going for the approach described aboce).

That setup makes scanning of the network really really hard.
-Chris
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 551
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: Block app from google play

Wed Dec 13, 2017 7:57 am

nice trick, indeed! surely worth a try.

I was guessing.. as ip are assigned by dhcp (so dhcp can add arp dynamically) probably the arp-reply method could work too. You say 1:1 nat needs full arp functionality but probably that is enough, did you test it?
 
User avatar
cdiedrich
Forum Veteran
Forum Veteran
Posts: 997
Joined: Thu Feb 13, 2014 2:03 pm
Location: Basel, Switzerland // Bremen, Germany
Contact:

Re: Block app from google play

Wed Dec 13, 2017 1:29 pm

I was guessing.. as ip are assigned by dhcp (so dhcp can add arp dynamically) probably the arp-reply method could work too. You say 1:1 nat needs full arp functionality but probably that is enough, did you test it?
Now we're talking about it... I think you're most likely right. I had the feature in mind that allows clients with different static IPs to access the network. But in this case, I'm now almost sure that it'll work with static arp as well... No need to catch foreign static IPs. Good point!

-Chris
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 551
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: Block app from google play

Thu Dec 21, 2017 6:18 am

All you can do is already written in above posts.
For lazy guys looking for ready made / step-by-step guides >> YouTube.com

Who is online

Users browsing this forum: Ahrefs [Bot] and 31 guests