Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 1 of 3 123 LastLast
Results 1 to 15 of 31
  1. #1
    Status
    Offline
    adiwijaya's Avatar
    Newbie
    Join Date
    Sep 2009
    Posts
    40
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Block IP Static cegah Duplikat Mac/IP

    Rekan2 semua, saya punya masalah dengan adanya cloning mac/ip sehingga user dapat mencuri bandwidth alias online gratis. nah menurut saya cara yg tepat untuk mencegah hal ini yaitu dengan melakukan block terhadap ip yang terset secara static/manual.
    nah pertanyaannya,,
    bisa gak ya mikrotik melakukan block terhadap ip yang terset secara static. jadi hanya ip yg terset secara DHCP aja yg bisa browsing/OL..

    sebenarnya cara2 lain seperti settingan PPPOE Server dan firewal2 yang lainnya sudah cukup bagus jg sih untuk memblock duplikat mac/ip, tapi sy pengen dengan cara seperti yg saya tanyakan tadi.

    kira2 bisa gak ya???

    sory kalau pertanyaanya rada semrawutan, soalnya belum lulus pelajaran bahasa indonesia di SD sih.. hehhee..
    Last edited by adiwijaya; 02-02-2011 at 19:02.

  2. #2
    Status
    Offline
    xeonx's Avatar
    Baru Gabung
    Join Date
    Sep 2009
    Posts
    18
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    coba lagi di ubek2 gan.... dah bejibun tuh... Click here to enlarge

    keep spirit gan.... Click here to enlarge

  3. #3
    Status
    Offline
    adiwijaya's Avatar
    Newbie
    Join Date
    Sep 2009
    Posts
    40
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    kakau block dengan cara lain sih sdh dapet seperti :
    1. block duplikat mac/ip dengan mengaktifkan arp replay only
    2. block duplikat mac/ip dengan pppoe server
    3. block duplikat mac/ip dengan cara block net scaning sehingga ga dapat menemukan ip dan mac yg sedang terhubung ke jaringan
    4. block duplikat mac/ip dengan ppp server

    tapi kok ga nemu block mac/ip cloning dengan cara memblock ip yg terset static ya? bisa di tunjukin link atau model scpiptnya gak?

    Bravo FM...!!

  4. #4
    Status
    Offline
    oktama's Avatar
    Forum Guru
    Join Date
    Jul 2008
    Location
    Jayapura
    Posts
    1,929
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by adiwijaya Click here to enlarge
    kakau block dengan cara lain sih sdh dapet seperti :
    1. block duplikat mac/ip dengan mengaktifkan arp replay only
    2. block duplikat mac/ip dengan pppoe server
    3. block duplikat mac/ip dengan cara block net scaning sehingga ga dapat menemukan ip dan mac yg sedang terhubung ke jaringan
    4. block duplikat mac/ip dengan ppp server

    tapi kok ga nemu block mac/ip cloning dengan cara memblock ip yg terset static ya? bisa di tunjukin link atau model scpiptnya gak?

    Bravo FM...!!
    gunakan managable switch dari situ aktifkan binding mac/port gw jamin klepek2 tuh yang mau ngeclone karena mac direstricted/port baru diteruskan ke mikrotik restricted ip-by-mac Click here to enlargeClick here to enlarge

  5. #5
    Status
    Offline
    cw-12's Avatar
    Member Senior
    Join Date
    Jan 2010
    Posts
    391
    Reviews
    Read 0 Reviews
    Downloads
    5
    Uploads
    2
    Feedback Score
    0
    Click here to enlarge Originally Posted by oktama Click here to enlarge
    gunakan managable switch dari situ aktifkan binding mac/port gw jamin klepek2 tuh yang mau ngeclone karena mac direstricted/port baru diteruskan ke mikrotik restricted ip-by-mac Click here to enlargeClick here to enlarge
    wah mantap, kira-kira setingannya gimana tuh?, kebetulan punya rb250gs. selama ini hanya memakai fasilitas client-isolation di AP utk menghindari clone.

    misal spt ini gimana?

    ((internet))----[router]----[rb250gs]-------- AP1
    ---------------------------------------------------- AP2
    ---------------------------------------------------- AP3

    mohon pencerahannya..

  6. #6
    Status
    Offline
    hikmahcell's Avatar
    Member Senior
    Join Date
    Apr 2009
    Location
    Tolitoli, Sulawesi Tengah, Indonesia, Indonesia
    Posts
    488
    Reviews
    Read 0 Reviews
    Downloads
    5
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by cw-12 Click here to enlarge
    wah mantap, kira-kira setingannya gimana tuh?, kebetulan punya rb250gs. selama ini hanya memakai fasilitas client-isolation di AP utk menghindari clone.

    misal spt ini gimana?

    ((internet))----[router]----[rb250gs]-------- AP1
    ---------------------------------------------------- AP2
    ---------------------------------------------------- AP3

    mohon pencerahannya..
    Last edited by hikmahcell; 03-02-2011 at 13:50. Reason: Sorry baru ngeh.. :D dasar katrok gw..

  7. #7
    Status
    Offline
    cw-12's Avatar
    Member Senior
    Join Date
    Jan 2010
    Posts
    391
    Reviews
    Read 0 Reviews
    Downloads
    5
    Uploads
    2
    Feedback Score
    0
    Click here to enlarge Originally Posted by hikmahcell Click here to enlarge
    apanya yg baru ngeh bro?? Click here to enlarge

  8. #8
    Status
    Offline
    adiwijaya's Avatar
    Newbie
    Join Date
    Sep 2009
    Posts
    40
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ini artinya mikrotik belum powerfull untuk melakukan block terhadap ip static ya? karena masih membutuhkan switch yang mendukukung fasilitas tsb.

  9. #9
    Status
    Offline
    nitaufan's Avatar
    Member
    Join Date
    Apr 2008
    Posts
    154
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by adiwijaya Click here to enlarge
    kakau block dengan cara lain sih sdh dapet seperti :
    1. block duplikat mac/ip dengan mengaktifkan arp replay only
    2. block duplikat mac/ip dengan pppoe server
    3. block duplikat mac/ip dengan cara block net scaning sehingga ga dapat menemukan ip dan mac yg sedang terhubung ke jaringan
    4. block duplikat mac/ip dengan ppp server

    tapi kok ga nemu block mac/ip cloning dengan cara memblock ip yg terset static ya? bisa di tunjukin link atau model scpiptnya gak?

    Bravo FM...!!
    Coba Script ini gan....
    Code:
    # find static IP version 8
    
    :log info ("!!! SYS UPTIME (-" . [/ip address get [/ip address find interface=wlan1] address] . "-) --> " . [/system resource get uptime]);
    
    :set countusers 0;
    :foreach k in [/ip arp find interface=ether1] do={:set countusers ($countusers + 1); /ip arp remove $k;}
    :log info ("!!! USERS ONLINE --> " . $countusers);
    :delay(60);
    
    :foreach i in [/ip arp find interface=ether1] do={
    
    :set arpip [/ip arp get $i address];
    :set arpmac [/ip arp get $i mac-address];
    
    :set notstatic 0;
    
    
    :foreach j in [/ip dhcp-server lease find] do={
    
    :set dhcpip [/ip dhcp-server lease get $j address];
    
    :if ( ($dhcpip=$arpip) ) do={:set notstatic ($notstatic +1);}
    
    # list of acceptable ip. Separate with ||
    :if ( $arpip=10.207.100.1 || $arpip=10.207.1.1 || $arpip=10.207.1.2 || $arpip=10.207.1.3 || $arpip=10.207.1.7 || $arpip=10.207.100.2 || $arpip=10.207.100.3 || $arpip=10.207.100.4 || $arpip=10.207.100.5 || $arpip=10.207.100.7) do={:set notstatic ($notstatic +1);}
    
    }
    
    :if ($notstatic =0) do {
    :log info ("!!! STATIC IP --> " . $arpip . " mac " . $arpmac . " waiting 100 seconds to confirm.");
    :delay(100);
    :set notstatic 0;
    :foreach j in [/ip dhcp-server lease find] do={
    
    :set dhcpip [/ip dhcp-server lease get $j address];
    
    :if ( ($dhcpip=$arpip) ) do={:set notstatic ($notstatic +1);}
    
    # list of acceptable ip. Separate with ||
    :if ( $arpip=10.207.100.1 || $arpip=10.207.1.1 || $arpip=10.207.1.2 || $arpip=10.207.1.3 || $arpip=10.207.1.7 || $arpip=10.207.100.2 || $arpip=10.207.100.3 || $arpip=10.207.100.4 || $arpip=10.207.100.5 || $arpip=10.207.100.7) do={:set notstatic ($notstatic +1);}
    
    }
    }
    :set isinfirewall 0;
    
    :if ($notstatic =0) do {
    :log info ("!!! STATIC IP --> " . $arpip . " mac " . $arpmac );
    
    :foreach m in [/ip firewall filter find comment=("Blocked Mac " . $arpmac . " of Static IP " . $arpip)] do={:set isinfirewall 1};
    
    :if ($isinfirewall =0) do={
    /ip firewall filter add chain=forward src-mac-address=$arpmac action=drop comment=("Blocked Mac " . $arpmac . " of Static IP " . $arpip);
    :log info ("!!! STATIC IP --> " . $arpip . " mac " . $arpmac . " --> BLOCKED");
    } else={
    :log info ("!!! STATIC IP --> " . $arpip . " mac " . $arpmac . " --> Already Blocked");
    };
    
    }
    
    }

  10. #10
    Status
    Offline
    adiwijaya's Avatar
    Newbie
    Join Date
    Sep 2009
    Posts
    40
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by nitaufan Click here to enlarge
    Coba Script ini gan....
    Code:
    # find static IP version 8
    
    :log info ("!!! SYS UPTIME (-" . [/ip address get [/ip address find interface=wlan1] address] . "-) --> " . [/system resource get uptime]);
    
    :set countusers 0;
    :foreach k in [/ip arp find interface=ether1] do={:set countusers ($countusers + 1); /ip arp remove $k;}
    :log info ("!!! USERS ONLINE --> " . $countusers);
    :delay(60);
    
    :foreach i in [/ip arp find interface=ether1] do={
    
    :set arpip [/ip arp get $i address];
    :set arpmac [/ip arp get $i mac-address];
    
    :set notstatic 0;
    
    
    :foreach j in [/ip dhcp-server lease find] do={
    
    :set dhcpip [/ip dhcp-server lease get $j address];
    
    :if ( ($dhcpip=$arpip) ) do={:set notstatic ($notstatic +1);}
    
    # list of acceptable ip. Separate with ||
    :if ( $arpip=10.207.100.1 || $arpip=10.207.1.1 || $arpip=10.207.1.2 || $arpip=10.207.1.3 || $arpip=10.207.1.7 || $arpip=10.207.100.2 || $arpip=10.207.100.3 || $arpip=10.207.100.4 || $arpip=10.207.100.5 || $arpip=10.207.100.7) do={:set notstatic ($notstatic +1);}
    
    }
    
    :if ($notstatic =0) do {
    :log info ("!!! STATIC IP --> " . $arpip . " mac " . $arpmac . " waiting 100 seconds to confirm.");
    :delay(100);
    :set notstatic 0;
    :foreach j in [/ip dhcp-server lease find] do={
    
    :set dhcpip [/ip dhcp-server lease get $j address];
    
    :if ( ($dhcpip=$arpip) ) do={:set notstatic ($notstatic +1);}
    
    # list of acceptable ip. Separate with ||
    :if ( $arpip=10.207.100.1 || $arpip=10.207.1.1 || $arpip=10.207.1.2 || $arpip=10.207.1.3 || $arpip=10.207.1.7 || $arpip=10.207.100.2 || $arpip=10.207.100.3 || $arpip=10.207.100.4 || $arpip=10.207.100.5 || $arpip=10.207.100.7) do={:set notstatic ($notstatic +1);}
    
    }
    }
    :set isinfirewall 0;
    
    :if ($notstatic =0) do {
    :log info ("!!! STATIC IP --> " . $arpip . " mac " . $arpmac );
    
    :foreach m in [/ip firewall filter find comment=("Blocked Mac " . $arpmac . " of Static IP " . $arpip)] do={:set isinfirewall 1};
    
    :if ($isinfirewall =0) do={
    /ip firewall filter add chain=forward src-mac-address=$arpmac action=drop comment=("Blocked Mac " . $arpmac . " of Static IP " . $arpip);
    :log info ("!!! STATIC IP --> " . $arpip . " mac " . $arpmac . " --> BLOCKED");
    } else={
    :log info ("!!! STATIC IP --> " . $arpip . " mac " . $arpmac . " --> Already Blocked");
    };
    
    }
    
    }

    ini artinya ip dhcp dan ip static (hasil clon) dua2nya kena block donk..

    bisa gak ya hanya ip/mac hasil clone yang terset static itu saja yang di block, sedangkan ip dhcp yang asli tetap bisa browsing

  11. #11
    Status
    Offline
    kaspo's Avatar
    Newbie
    Join Date
    Dec 2009
    Posts
    59
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    menarik ini gan. persis kayak kasus ane...
    ditunggu solve nya....Click here to enlargeClick here to enlarge

  12. #12
    Status
    Offline
    adiwijaya's Avatar
    Newbie
    Join Date
    Sep 2009
    Posts
    40
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by kaspo Click here to enlarge
    menarik ini gan. persis kayak kasus ane...
    ditunggu solve nya....Click here to enlargeClick here to enlarge
    sampai saat ini belum ada solusi terbaik untuk kasus ini, ta coba up lagi topik ini deh.

  13. #13
    Status
    Offline
    unavailabled's Avatar
    Member
    Join Date
    Dec 2008
    Location
    Mangle Prerouting
    Posts
    137
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by adiwijaya Click here to enlarge
    sampai saat ini belum ada solusi terbaik untuk kasus ini, ta coba up lagi topik ini deh.
    clientnya diset ip static ato dynamic?
    kalo dynamic :
    Code:
    aktifkan DHCP trus centang add ARP For Leases.
    trus ubah ARP ethernet jadi Reply Only.
    Kalo mode static :
    Code:
    Lock Mac Address dan IP Client di IP > ARP
    trus ubah ARP ethernet jadi Reply Only.

  14. The Following User Says Thank You to unavailabled For This Useful Post:


  15. #14
    Status
    Offline
    anddv's Avatar
    Baru Gabung
    Join Date
    Jun 2010
    Posts
    6
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ane bantuin up gan ... kasusnya sama kaya yang ane alamin sekarang. mo blok user yang make ip statik, jadi user harus pada pake dhcp dengan ngasih ke kita mac nya. tujuannya seh biar para user ga sembarangan isi ip kompnya sendiri dan terpantau aja para user yang terkoneksi ke jaringan dengan memberi nama pada tiap ipnya. jadi yang pake ip statik kita drop. gimana gan ada yang bisa bantu.

  16. #15
    Status
    Offline
    unavailabled's Avatar
    Member
    Join Date
    Dec 2008
    Location
    Mangle Prerouting
    Posts
    137
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    jawabannya sudah ada diatas gan

 

 
Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. DNS menggunakan IP Static
    By bahia in forum Beginner Basics
    Replies: 0
    Last Post: 15-01-2011, 02:07
  2. [tanya] cegah akses mikrotik dari luar
    By hamdawi in forum General Networking
    Replies: 1
    Last Post: 14-08-2010, 05:56
  3. ip horspot ke ip static
    By hebatwijaya in forum Beginner Basics
    Replies: 0
    Last Post: 20-04-2010, 12:58
  4. Regexp di Static DNS
    By thwvthunder in forum Beginner Basics
    Replies: 3
    Last Post: 28-08-2009, 16:56
  5. [ASK] WDS static
    By stevanus in forum Wireless Networking
    Replies: 4
    Last Post: 29-05-2009, 10:16

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •