Rouge dhcp server along with mac and IP.
*/_Dennis Burgess_/**–**Network Solution Engineer – Consultant ***
MikroTik Certified Trainer/Consultant
<http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> –
MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
For Wireless Hardware/Routers visit www.linktechs.net
<http://www.linktechs.net/>
Radio Frequiency Coverages: www.towercoverage.com
<http://www.towercoverage.com/>
Office: 314-735-0270
E-Mail: [email protected] <mailto:[email protected]>
*From:*Af [mailto:[email protected]] *On Behalf Of *That One Guy
/sarcasm
*Sent:* Monday, February 27, 2017 4:54 PM
*To:* [email protected]
*Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets
DHCP alert will tell me if there is an IP thats not a DHCP server?
On Mon, Feb 27, 2017 at 4:51 PM, Dennis Burgess
<[email protected] <mailto:[email protected]>> wrote:
ARPs will not come though as you don’t have anything on that
subnet. DHCP-Alert is what you want.
*/_Dennis Burgess_/**–**Network Solution Engineer – Consultant *
MikroTik Certified Trainer/Consultant
<http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5>
– MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
For Wireless Hardware/Routers visit www.linktechs.net
<http://www.linktechs.net/>
Radio Frequiency Coverages: www.towercoverage.com
<http://www.towercoverage.com/>
Office: 314-735-0270 <tel:%28314%29%20735-0270>
E-Mail: [email protected] <mailto:[email protected]>
*From:*Af [mailto:[email protected]
<mailto:[email protected]>] *On Behalf Of *That One Guy /sarcasm
*Sent:* Monday, February 27, 2017 4:19 PM
*To:* [email protected] <mailto:[email protected]>
*Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets
Im mainly looking for IP space that shouldnt be present, DHCP or not.
I can packet sniff and exclude all configured subnets on that
bridge, but its a pain
I didnt know if there was arp monitor or something along those
lines. collecting gratuitous ARPs or something like that
I see alot of false 192.168.1.1 when i stick that subnet on the
interface, it doesnt respond and often times has the customer IP
arp listed as well sometimes its the same mac, sometimes its one
digit off like a reboot cycling up in switch then into router mode
during boot cycle. I see it alot with netgear macs.
alot of times the 192.168.1.1 is persistent even though its not
responding or otherwise apparently even active
On Mon, Feb 27, 2017 at 4:04 PM, Adam Moffett <[email protected]
<mailto:[email protected]>> wrote:
Oh? I never noticed that feature.
If you get the offender's MAC address it should be trivial to
find them at that point. That's really all you need.
------ Original Message ------
From: "Dennis Burgess" <[email protected]
<mailto:[email protected]>>
To: "[email protected] <mailto:[email protected]>" <[email protected]
<mailto:[email protected]>>
Sent: 2/27/2017 5:01:12 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets
MIkroTik does have a dhcp alert detection as well. It
will not detect the dhcp sever on the router. It will
give you basic information such as MAC address etc, but
really don’t help you too much. But neither will turning a
DHCP client on. You have to find where that client is and
turn them off.
*/_Dennis Burgess_/**–**Network Solution Engineer –
Consultant *
MikroTik Certified Trainer/Consultant
<http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5>–
MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
For Wireless Hardware/Routers visit www.linktechs.net
<http://www.linktechs.net/>
Radio Frequiency Coverages: www.towercoverage.com
<http://www.towercoverage.com/>
Office: 314-735-0270 <tel:%28314%29%20735-0270>
E-Mail: [email protected]
<mailto:[email protected]>
*From:*Af [mailto:[email protected]
<mailto:[email protected]>] *On Behalf Of *Dennis Burgess
*Sent:* Monday, February 27, 2017 3:59 PM
*To:* [email protected] <mailto:[email protected]>
*Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets
Switch can do it too, port isolation! Lol note, not a
dumb switch though. Nettoix I belive does it.
*/_Dennis Burgess_/**–**Network Solution Engineer –
Consultant *
MikroTik Certified Trainer/Consultant
<http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5>–
MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
For Wireless Hardware/Routers visit www.linktechs.net
<http://www.linktechs.net/>
Radio Frequiency Coverages: www.towercoverage.com
<http://www.towercoverage.com/>
Office: 314-735-0270 <tel:%28314%29%20735-0270>
E-Mail: [email protected]
<mailto:[email protected]>
*From:*Af [mailto:[email protected]] *On Behalf Of
*Adam Moffett
*Sent:* Monday, February 27, 2017 3:57 PM
*To:* [email protected] <mailto:[email protected]>
*Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets
Only on two different router interfaces. If they're on a
switch, then no.
I think Dennis may be referring to how you should ideally
have things configured, and I think you're talking
specifically about the feature in Canopy equipment labeled
"SM Isolation".
Ideally, yeah you should make it so one customer can't
break everyone. That's a multi-faceted thing and SM
Isolation is one component of it.
If you're looking specifically for a router plugged in
backwards, add a DHCP-client to the interface facing the
AP, and (*critical*) uncheck the boxes for "add default
route" and "add peer DNS". That might be the kind of
quick, simple test you're hoping for.
------ Original Message ------
From: "That One Guy /sarcasm" <[email protected]
<mailto:[email protected]>>
To: "[email protected] <mailto:[email protected]>" <[email protected]
<mailto:[email protected]>>
Sent: 2/27/2017 4:42:02 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets
clients on two different access points wil be blocked
by client isolation?
On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess
<[email protected]
<mailto:[email protected]>> wrote:
There is no reason why it would and should not .
JYou can easily allow the one offs …
*/_Dennis Burgess_/**–**Network Solution Engineer
– Consultant *
MikroTik Certified Trainer/Consultant
<http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5>–
MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
For Wireless Hardware/Routers visit
www.linktechs.net <http://www.linktechs.net/>
Radio Frequiency Coverages: www.towercoverage.com
<http://www.towercoverage.com/>
Office: 314-735-0270 <tel:%28314%29%20735-0270>
E-Mail: [email protected]
<mailto:[email protected]>
*From:*Af [mailto:[email protected]
<mailto:[email protected]>] *On Behalf Of *That
One Guy /sarcasm
*Sent:* Monday, February 27, 2017 1:13 PM
*To:* [email protected] <mailto:[email protected]>
*Subject:* Re: [AFMUG] Mikrotik quick view for
unknown subnets
A. we have some locations where we dont use client
isolation and B client isolation doesnt apply to
two access points as far as I know
On Mon, Feb 27, 2017 at 12:42 PM, Dennis Burgess
<[email protected]
<mailto:[email protected]>> wrote:
Your client isolation should take care of
that. FYI.
*/_Dennis Burgess_/**–**Network Solution
Engineer – Consultant *
MikroTik Certified Trainer/Consultant
<http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5>–
MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
For Wireless Hardware/Routers visit
www.linktechs.net <http://www.linktechs.net/>
Radio Frequiency Coverages:
www.towercoverage.com
<http://www.towercoverage.com/>
Office: 314-735-0270 <tel:%28314%29%20735-0270>
E-Mail: [email protected]
<mailto:[email protected]>
*From:*Af [mailto:[email protected]
<mailto:[email protected]>] *On Behalf Of
*That One Guy /sarcasm
*Sent:* Monday, February 27, 2017 12:42 PM
*To:* [email protected] <mailto:[email protected]>
*Subject:* Re: [AFMUG] Mikrotik quick view for
unknown subnets
I wasnt clear, I was actually looking for
rogue subnets in general
another issue example is that a customer with
some time clocks recently had a slick tech put
a switch in before the router at multiple
locations from the same site, different APs,
we bridge the APs at the POP, so they were
directly communicating
On Mon, Feb 27, 2017 at 12:33 PM, Faisal
Imtiaz <[email protected]
<mailto:[email protected]>> wrote:
You might find the useful.
https://forum.mikrotik.com/viewtopic.php?t=23640
Regards.
Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232
<tel:%28305%29%20663-5518>
Help-desk: (305)663-5518
<tel:%28305%29%20663-5518>Option 2 or
Email: [email protected]
<mailto:[email protected]>
------------------------------------------------------------------------
*From: *"That One Guy /sarcasm"
<[email protected]
<mailto:[email protected]>>
*To: *[email protected] <mailto:[email protected]>
*Sent: *Monday, February 27, 2017
11:34:59 AM
*Subject: *[AFMUG] Mikrotik quick view
for unknown subnets
If, for example a customer has a
router connected backward, is there an
arp(ish) check aside from packet
sniffing to see this since its not a
subnet on the interface and there wont
be an arp entry?
--
If you only see yourself as part of
the team but you don't see your team
as part of yourself you have already
failed as part of the team.
--
If you only see yourself as part of the team
but you don't see your team as part of
yourself you have already failed as part of
the team.
--
If you only see yourself as part of the team but
you don't see your team as part of yourself you
have already failed as part of the team.
--
If you only see yourself as part of the team but
you don't see your team as part of yourself you
have already failed as part of the team.
--
If you only see yourself as part of the team but you don't see
your team as part of yourself you have already failed as part of
the team.
--
If you only see yourself as part of the team but you don't see your
team as part of yourself you have already failed as part of the team.
