jessequijano
newbie
Topic Author
Posts: 28
Joined: Sat Nov 13, 2010 10:14 pm

Rogue Access Point

Sat Dec 11, 2010 11:29 pm

I set up a new network at a fast food

wireless isp -- rb493 192.168.4.x -- rb411 access point 192.169.4.x

the ssid is "restaurant"

everything works like a charm

Suddenly a "default" access point has popped up with strong signal in the area, and if I connect to it and check my public IP I am seeing the public IP from my access point.

This leads me to believe it is a wireless client connecting and subsequently rebroadcasting the signal.

If I launch Wireshark on either network I see both 192.169.4.1 (rb493), 192.169.4.2 (rb411), and 192.169.4.3 (my laptop). Occasionally I see another IP pop up but then it will go away; I figure this is probably laptops and smartphones passing by the drive-thru.

Anyway, the point is I can't seem to locate where this AP is and what IP address it's on. It all seems very odd to me.

Using Ekahau HeatMap hasn't localized the AP. I'm going to bring my Apple laptop and run iStumbler here on Monday to try and pinpoint where it is, since my XP laptop driver seems to be unsupported.

the mac address is
00-1F-1F-5C-12-07 Edimax Technology Co. Ltd.

so it is definitely not a virtual AP on the MikroTik or anything like that.

Can I simply block this MAC address from connecting to the AP?

I CANNOT use whitelists because this is a public AP; I need to BLOCK only certain MACs.
 
jessequijano

Re: Rogue Access Point

Tue Dec 14, 2010 5:02 pm

*bump*

so the issue continues.

Now I am trying to block the MAC address using Winbox.

chain fwd
all inbound and outbound ip addresses at the rogue ap's mac address.
action drop

I can still browse the net when connecting to the default (rogue) SSID.

I look in my DHCP table and there are 2 entries for my iPhone's (connected to rogue AP) MAC address using 2 different IPs.

Could the AP be spoofing the MAC address to match its client's MAC? If this is the case, how in the heck am I supposed to maintain an open WiFi AP yet block layer 2 repeaters of this nature???
 
jessequijano

Re: Rogue Access Point

Tue Dec 14, 2010 5:41 pm

Found the wireless client table. Copied the MAC of the rogue AP to it. Disabled forwarding and authentication as suggested by another post for disabling CPEs and rebooted the router, but I can still connect to and subsequently browse the internet from that AP with the traffic flowing through my AP and router. Darn it, how can I blackhole this scum bag?
 
jessequijano

Re: Rogue Access Point

Tue Dec 14, 2010 6:03 pm

GOT IT!!!

I cleared some of the settings I was trying.

Then I tried adding the MAC to the access list again. Disable forwarding, disable authentication and BOOM! No more connection for that blood sucker. HeHeHe, now to create a virtual SSID telling him where to go stick it.
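The fix described in the last post, written out as RouterOS terminal commands. This is an added example, not part of the original posts; the interface name `wlan1` and the comment text are assumptions, and the MAC is the one quoted in the first post.

```routeros
# Added example. Assumption: the public AP's wireless interface is wlan1.

# Keep the AP open to the public: a station that matches no access-list
# entry is still allowed to associate and have its traffic forwarded.
/interface wireless set wlan1 default-authentication=yes default-forwarding=yes

# Deny-list entry for the one unwanted station: refuse association
# (authentication=no) and refuse forwarding of its frames (forwarding=no).
/interface wireless access-list add interface=wlan1 \
    mac-address=00:1F:1F:5C:12:07 authentication=no forwarding=no \
    comment="rogue repeater - blocked"

# Check the result: the entry is listed, and the MAC should no longer
# show up among the registered (associated) stations.
/interface wireless access-list print
/interface wireless registration-table print where mac-address=00:1F:1F:5C:12:07
```

An access-list entry matches on the address only, so it stops this device for as long as it keeps presenting that MAC; keep an eye on the registration table for the same behaviour reappearing under a different address.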
