Re: [Mikrotik] Finding MAC Address and Blocking
On Wed, 2009-01-14 at 13:14 -0600, Brian Bearce wrote: > Does it make a difference if these are private IP's 192.168.*.*? These are > NATed via another router. Private IP/public IP is not relevant. What IS relevant (as others have stated) is that you run the arp test on the router that is directly connected to the customer/perp. -- * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/* Network Engineering * * http://www.wispa.org/ * WISPA Board Member * * http://blog.butchevans.com/ * Wired or Wireless Networks * ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Finding MAC Address and Blocking
Never Mind I got it to work had wrong syntax. Steve -Original Message- From: mikrotik-boun...@mail.butchevans.com [mailto:mikrotik-boun...@mail.butchevans.com] On Behalf Of Steve Barnes Sent: Wednesday, January 14, 2009 4:20 PM To: 'Mikrotik discussions' Subject: Re: [Mikrotik] Finding MAC Address and Blocking Looking for a script to help Build multiple simple queues at one shot. I got the one below from the MT forums but it is for V2 and its not working with V3. Anyone got a good link Steve Barnes RCWiFi Wireless Internet Service :for i from=10 to=100 do={/queue simple add target-address=(10.128.138. . $i . "/32") max-limit=256000/70 burst-limit=0/150 burst-threshold=0/60 burst-time=0s/1m} ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Finding MAC Address and Blocking
Looking for a script to help Build multiple simple queues at one shot. I got the one below from the MT forums but it is for V2 and its not working with V3. Anyone got a good link Steve Barnes RCWiFi Wireless Internet Service :for i from=10 to=100 do={/queue simple add target-address=(10.128.138. . $i . "/32") max-limit=256000/70 burst-limit=0/150 burst-threshold=0/60 burst-time=0s/1m} ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Finding MAC Address and Blocking
First, You should only use NAT at one point on the network, the rest really should be routed, but I wont preach. Do butch's command on the access point that they are connecting to, or the router that does their NAT (Assuming those are MTs) Do a normal NAT rule to force all info from ip A.B.C.D to ip E.F.G.H I always meant to find a way to base this on the NetBIOS ID or some other ID that people are less likely to think of changing. I now run MT's hotspot + user manager but limitations with the user manager, I am working on building my own. Brian Bearce wrote: > What kind of rules do you use for this. > > Still learning the in's and out's to this box. > > Original Message --- > Ahh. I have people try this. I found the best way to deal with them is > to force all http from them to undesirable places (the rest is blocked > out right). Every now and then one will call me up and explain "I was > uh, on your network and all I can get is this goat web site" "Yea, you > were doing more then that, however in light of your honesty I will forgo > the trespass paper work, its a $100 connect fee + data used". Most of > them cough up the cash. > > > >> right now they are basically IP hunting. As soon as I find them and place >> restrictions on the IP. The find another. I use static IP's so their not >> getting DHCP. >> >> >> >> Original Message --- >> What is being hacked? If they have any skills at all, they know how to >> change a mac address. MAC based block lists do not work for long >> >> Brian Bearce wrote: >> >> >>> Does anyone know of a way to find a hackers MAC address and block all >>> traffic via the MikroTik. I am running version 2.9.43 >>> >>> Thanks >>> >>> ___ >>> Mikrotik mailing list >>> Mikrotik@mail.butchevans.com >>> http://www.butchevans.com/mailman/listinfo/mikrotik >>> >>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS >>> >>> >>> >> ___ >> Mikrotik mailing list >> Mikrotik@mail.butchevans.com >> http://www.butchevans.com/mailman/listinfo/mikrotik >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS >> >> ___ >> Mikrotik mailing list >> Mikrotik@mail.butchevans.com >> http://www.butchevans.com/mailman/listinfo/mikrotik >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS >> >> > > ___ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS > > ___ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS > ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Finding MAC Address and Blocking
What kind of rules do you use for this. Still learning the in's and out's to this box. Original Message --- Ahh. I have people try this. I found the best way to deal with them is to force all http from them to undesirable places (the rest is blocked out right). Every now and then one will call me up and explain "I was uh, on your network and all I can get is this goat web site" "Yea, you were doing more then that, however in light of your honesty I will forgo the trespass paper work, its a $100 connect fee + data used". Most of them cough up the cash. > right now they are basically IP hunting. As soon as I find them and place > restrictions on the IP. The find another. I use static IP's so their not > getting DHCP. > > > > Original Message --- > What is being hacked? If they have any skills at all, they know how to > change a mac address. MAC based block lists do not work for long > > Brian Bearce wrote: > >> Does anyone know of a way to find a hackers MAC address and block all >> traffic via the MikroTik. I am running version 2.9.43 >> >> Thanks >> >> ___ >> Mikrotik mailing list >> Mikrotik@mail.butchevans.com >> http://www.butchevans.com/mailman/listinfo/mikrotik >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS >> >> > > ___ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS > > ___ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS > ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Finding MAC Address and Blocking
Ahh. I have people try this. I found the best way to deal with them is to force all http from them to undesirable places (the rest is blocked out right). Every now and then one will call me up and explain "I was uh, on your network and all I can get is this goat web site" "Yea, you were doing more then that, however in light of your honesty I will forgo the trespass paper work, its a $100 connect fee + data used". Most of them cough up the cash. > right now they are basically IP hunting. As soon as I find them and place > restrictions on the IP. The find another. I use static IP's so their not > getting DHCP. > > > > Original Message --- > What is being hacked? If they have any skills at all, they know how to > change a mac address. MAC based block lists do not work for long > > Brian Bearce wrote: > >> Does anyone know of a way to find a hackers MAC address and block all >> traffic via the MikroTik. I am running version 2.9.43 >> >> Thanks >> >> ___ >> Mikrotik mailing list >> Mikrotik@mail.butchevans.com >> http://www.butchevans.com/mailman/listinfo/mikrotik >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS >> >> > > ___ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS > > ___ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS > ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Finding MAC Address and Blocking
If they're NAT'ed behind a router you won't see the MACs on the current router. Do the command on the "another router". When a masquerade rule or NAT is involved, ARP and switches are replaced with routing basically. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 Those who don't understand UNIX are condemned to reinvent it, poorly. --- Henry Spencer On Wed, Jan 14, 2009 at 2:14 PM, Brian Bearce < brian.bea...@adrianwireless.com> wrote: > Does it make a difference if these are private IP's 192.168.*.*? These are > NATed via another router. > > When I key in the command below it either returns me to the prompt or I get > "invalid Item number" > > It is known the IP they are using. > > > Original Message --- > On Wed, 2009-01-14 at 10:32 -0600, Brian Bearce wrote: > > Does anyone know of a way to find a hackers MAC address and block all > traffic via the MikroTik. I am running version 2.9.43 > > If you know their current IP: > > /ip arp print from=[find address=CURR.ENT.IP.ADDRESS] > > That will give you their MAC. From there, you can either add them to > the access-list on the AP or add a firewall rule that drops all traffic > from their MAC address. As was stated before, they are likely to just > change their MAC address if you do that, but it's one approach. > > -- > > * Butch Evans * Professional Network Consultation* > * http://www.butchevans.com/* Network Engineering * > * http://www.wispa.org/ * WISPA Board Member * > * http://blog.butchevans.com/ * Wired or Wireless Networks * > > > > ___ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > RouterOS > > ___ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > RouterOS > -- next part -- An HTML attachment was scrubbed... URL: <http://www.butchevans.com/pipermail/mikrotik/attachments/20090114/f8a0ae4a/attachment.html> ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Finding MAC Address and Blocking
Does it make a difference if these are private IP's 192.168.*.*? These are NATed via another router. When I key in the command below it either returns me to the prompt or I get "invalid Item number" It is known the IP they are using. Original Message --- On Wed, 2009-01-14 at 10:32 -0600, Brian Bearce wrote: > Does anyone know of a way to find a hackers MAC address and block all traffic > via the MikroTik. I am running version 2.9.43 If you know their current IP: /ip arp print from=[find address=CURR.ENT.IP.ADDRESS] That will give you their MAC. From there, you can either add them to the access-list on the AP or add a firewall rule that drops all traffic from their MAC address. As was stated before, they are likely to just change their MAC address if you do that, but it's one approach. -- * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/* Network Engineering * * http://www.wispa.org/ * WISPA Board Member * * http://blog.butchevans.com/ * Wired or Wireless Networks * ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Finding MAC Address and Blocking
On Wed, 2009-01-14 at 10:32 -0600, Brian Bearce wrote: > Does anyone know of a way to find a hackers MAC address and block all traffic > via the MikroTik. I am running version 2.9.43 If you know their current IP: /ip arp print from=[find address=CURR.ENT.IP.ADDRESS] That will give you their MAC. From there, you can either add them to the access-list on the AP or add a firewall rule that drops all traffic from their MAC address. As was stated before, they are likely to just change their MAC address if you do that, but it's one approach. -- * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/* Network Engineering * * http://www.wispa.org/ * WISPA Board Member * * http://blog.butchevans.com/ * Wired or Wireless Networks * ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Finding MAC Address and Blocking
right now they are basically IP hunting. As soon as I find them and place restrictions on the IP. The find another. I use static IP's so their not getting DHCP. Original Message --- What is being hacked? If they have any skills at all, they know how to change a mac address. MAC based block lists do not work for long Brian Bearce wrote: > Does anyone know of a way to find a hackers MAC address and block all traffic > via the MikroTik. I am running version 2.9.43 > > Thanks > > ___ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS > ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Finding MAC Address and Blocking
right now they are basically IP hunting. As soon as I find them and place restrictions on the IP. The find another. I use static IP's so their not getting DHCP. Original Message --- What is being hacked? If they have any skills at all, they know how to change a mac address. MAC based block lists do not work for long Brian Bearce wrote: > Does anyone know of a way to find a hackers MAC address and block all traffic > via the MikroTik. I am running version 2.9.43 > > Thanks > > ___ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS > ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Finding MAC Address and Blocking
What is being hacked? If they have any skills at all, they know how to change a mac address. MAC based block lists do not work for long Brian Bearce wrote: > Does anyone know of a way to find a hackers MAC address and block all traffic > via the MikroTik. I am running version 2.9.43 > > Thanks > > ___ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS > ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
[Mikrotik] Finding MAC Address and Blocking
Does anyone know of a way to find a hackers MAC address and block all traffic via the MikroTik. I am running version 2.9.43 Thanks ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS