qatar2022
Member Candidate
Topic Author
Posts: 141
Joined: Mon Aug 24, 2020 11:12 am

Block IP after 3 time hotspot login failures

Mon Feb 21, 2022 8:30 am

Dear All

I'm still looking for a script that can automatically BLOCK any client's IP or MAC that tries to log in to the hotspot 3 times with a wrong username and password.
I'm not talking about SSH and TELNET, because I live in a crowded area.
 
Jotne
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Block IP after 3 time hotspot login failures

Mon Feb 21, 2022 12:40 pm

If you can see it in the logs, you can make a script for it.
This is nearly the same as blocking a VPN user who does not authenticate correctly.
See here:
viewtopic.php?t=148397
 
qatar2022
Member Candidate
Topic Author
Posts: 141
Joined: Mon Aug 24, 2020 11:12 am

Re: Block IP after 3 time hotspot login failures

Mon Feb 21, 2022 7:03 pm

> If you can see it in the logs, you can make a script for it.
> This is nearly the same as blocking a VPN user who does not authenticate correctly.
> See here:
> viewtopic.php?t=148397

Thank you, Jotne, for your reply.
I found this script to convert IP to MAC:
#Hotspot IP to MAC binding#
:local ipaddr value="";
:local mac value="";

:foreach a in=[/ip firewall address-list find where dynamic=yes and list=hotspot_blacklist] do={
:set $ipaddr [/ip firewall address-list get $a value-name=address];
:local m [/ip arp find where address=$ipaddr dynamic=yes];
:set $mac [/ip arp get $m mac-address];

/ip hotspot ip-binding add type=blocked mac-address=$mac comment="blocked from script";
/ip firewall address-list remove $a;

:log warning ("Blocked from Hotspot " . " MAC: " . $mac);
}

And I tried to use this script:
/ip firewall filter
add chain=input protocol=tcp src-address-list=hotspot_blacklist action=drop comment="Hotspot bruteforce prevention"
add chain=output action=accept protocol=tcp content="invalid username or password" dst-limit=2/1m,4,dst-address/2m comment="Hotspot bruteforce prevention"
add chain=output action=add-dst-to-address-list protocol=tcp content="invalid username or password" address-list=hotspot_blacklist address-list-timeout=3h
from this post: viewtopic.php?t=116498#p577116
but it doesn't work with RB4011iGS+ OS7.1.1, and it is not even working with RB5009UG+S+.

Any help or advice?
Best regards
 
Jotne
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Block IP after 3 time hotspot login failures

Mon Feb 21, 2022 9:33 pm

1. Do not quote post above you. There is a big Post Reply button under the post to use to reply.
2. Do use code tags when posting code. </> button above the post.

I have cleaned up the script and added code tags to be able to read it.
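```
# Hotspot IP to MAC binding
:foreach a in=[/ip firewall address-list find where dynamic=yes and list=hotspot_blacklist] do={
	:local ipaddr [/ip firewall address-list get $a value-name=address]
	# Look up the dynamic ARP entry for the blacklisted IP
	:local m [/ip arp find where address=$ipaddr dynamic=yes]
	# Skip addresses with no ARP entry; "get" on an empty result would abort the script
	:if ([:len $m] > 0) do={
		:local mac [/ip arp get $m mac-address]

		# Block the MAC in the hotspot, then remove the address-list entry
		/ip hotspot ip-binding add type=blocked mac-address=$mac comment="blocked from script"
		/ip firewall address-list remove $a

		:log warning ("Blocked from Hotspot " . " MAC: " . $mac)
	}
}
```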
This is not a script, these are firewall rules:
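```
/ip firewall filter
# Drop TCP to the router from addresses already on the blacklist
add chain=input protocol=tcp src-address-list=hotspot_blacklist action=drop comment="Hotspot bruteforce prevention"
# Accept failure replies within the limit: 2 per minute, burst 4, tracked per destination address
add chain=output action=accept protocol=tcp content="invalid username or password" dst-limit=2/1m,4,dst-address/2m comment="Hotspot bruteforce prevention"
# Replies beyond that limit put the client (the destination) on the blacklist for 3 hours
add chain=output action=add-dst-to-address-list protocol=tcp content="invalid username or password" address-list=hotspot_blacklist address-list-timeout=3h
```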
What does not work?
 
qatar2022
Member Candidate
Topic Author
Posts: 141
Joined: Mon Aug 24, 2020 11:12 am

Re: Block IP after 3 time hotspot login failures

Tue Feb 22, 2022 8:02 am

Dear Jotne,
First of all, thank you for your reply, and I'm sorry, I didn't know about these things.
When I create these firewall rules, they do not work. I can see from the log that there is more than one invalid username error, and one of them tried 289 times to log in to my hotspot.
I hope you understand my point.

Best regards
 
Jotne
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Block IP after 3 time hotspot login failures

Tue Feb 22, 2022 11:15 am

Is anything added to the access list "hotspot_blacklist"?
 
qatar2022
Member Candidate
Topic Author
Posts: 141
Joined: Mon Aug 24, 2020 11:12 am

Re: Block IP after 3 time hotspot login failures

Tue Feb 22, 2022 5:23 pm

No, nothing.
 
Jotne
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Block IP after 3 time hotspot login failures

Tue Feb 22, 2022 8:06 pm

How do you see that a user has 3 login failures? From the log?
If it's from the log, you can modify this script to search for login errors:
viewtopic.php?p=743875#p743875
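
An added example, not part of the thread or any poster's code: the log-based approach suggested above, done off-router in Python over hotspot log lines forwarded to a syslog host. The line layout, the 10-minute window and the function names are assumptions; the error string, the `hotspot_blacklist` list and the 3h timeout come from the thread.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. Assumed layout (not taken from the thread):
# "<date> <time> <topics> <user> (<ip>): login failed: invalid username or password"
SAMPLE_LOG = """\
2022-02-22 08:00:01 hotspot,info,debug guest1 (10.5.50.21): login failed: invalid username or password
2022-02-22 08:00:20 hotspot,info,debug guest2 (10.5.50.21): login failed: invalid username or password
2022-02-22 08:00:41 hotspot,info,debug guest3 (10.5.50.21): login failed: invalid username or password
2022-02-22 08:05:00 hotspot,info,debug bob (10.5.50.30): login failed: invalid username or password
2022-02-22 08:30:00 hotspot,info,debug bob (10.5.50.30): login failed: invalid username or password
2022-02-22 09:10:00 hotspot,info,debug bob (10.5.50.30): login failed: invalid username or password
2022-02-22 09:11:00 hotspot,info,debug x (10.5.50.99): login failed: invalid username or password (10.5.50.40): login failed: invalid username or password
"""

# Greedy ".*" plus the "$" anchor selects the LAST "(ip): login failed" on the line,
# i.e. the part written by the router, not text a client typed as the username.
FAIL_RE = re.compile(r"^(?P<ts>\S+ \S+) \S*hotspot\S* .*\((?P<ip>[0-9.]+)\): "
                     r"login failed: invalid username or password$")

def find_offenders(log_text, threshold=3, window=timedelta(minutes=10)):
    """Return {ip: time threshold was reached} for `threshold` failures inside `window`."""
    recent = defaultdict(deque)
    offenders = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m["ip"]))
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # malformed address or timestamp: ignore the line
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:  # forget failures older than the window
            hits.popleft()
        if len(hits) >= threshold:
            offenders.setdefault(ip, ts)
    return offenders

def to_routeros(offenders, list_name="hotspot_blacklist", timeout="3h"):
    """Render address-list entries for the list the thread's drop rule matches."""
    return [f"/ip firewall address-list add list={list_name} address={ip} timeout={timeout}"
            for ip in sorted(offenders)]
```

On the sample, only 10.5.50.21 is listed: 10.5.50.30 also failed three times, but spread over more than an hour, and the line whose username imitates a failure message is counted once, against the address the router itself recorded.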
