Mikrotik Hotspot Ghost User Script
I had a customer show me a strange problem they were having with hotspot. They are doing MAC-based authentication off of a User Manager server with 5 or 6 hotspots distributed out in their network. They have it limited down to one login per user account, which is normal. The problem is that they would occasionally get strange multiple logins from their customers.
In the hotspot host tab, one will see the customer MAC address, the “address” and the “to address” fields.
The above is an example of a normal situation.
What the client would see is a ghost entry with a wacky IP set in “address”, or sometimes no address listed at all. In most common situations, the “address” and “to address” fields should match.
I wrote the following script so that it goes through the host entries and looks for any entries that have non-matching “address” and “to address” fields. If it finds one, it removes that entry.
Winbox Version
    # define variables
    :local addr
    :local toaddr
    :log info "Start Ghost Hotspot Script"

    :foreach i in=[/ip hotspot host find] do={
        :set addr [/ip hotspot host get $i address]
        :set toaddr [/ip hotspot host get $i to-address]
    #   :log info "address = $addr and to-address = $toaddr"
        :if ($addr != $toaddr) do={
    #       we found one to clear
            :log info "clear address = $addr and to-address = $toaddr with # $i"
            /ip hotspot host rem $i
        }
    }
    :log info "Ghost Hotspot Script Complete"
CLI Version
    /system script
    add name=HotspotGhost policy=\
        ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="#\
        \_define variables\r\
        \n:local addr\r\
        \n:local toaddr\r\
        \n:log info \"Start Ghost Hotspot Script\"\r\
        \n\r\
        \n:foreach i in=[/ip hotspot host find] do={\r\
        \n :set addr [/ip hotspot host get \$i address]\r\
        \n :set toaddr [/ip hotspot host get \$i to-address]\r\
        \n# :log info \"address = \$addr and to-address = \$toaddr\"\r\
        \n :if (\$addr != \$toaddr) do={\r\
        \n# we found one to clear\r\
        \n :log info \"clear address = \$addr and to-address = \$toaddr with # \$i\
        \"\r\
        \n /ip hotspot host rem \$i\r\
        \n }\r\
        \n}\r\
        \n:log info \"Ghost Hotspot Script Complete\""
You would create a schedule in System -> Scheduler to kick off the script as frequently as you like.
    /system scheduler
    add comment="" disabled=no interval=10m name=HotspotGhost on-event=\
        HotspotGhost policy=read,write,policy start-date=jan/01/1970 start-time=\
        00:00:00
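Before scheduling a job that removes host entries every ten minutes, it helps to see which entries the address / to-address test would hit. The following is an added example, not part of the original post: a Python script that applies the same test offline to a saved host listing and reports which MACs hold both a normal and a ghost entry. The key=value line format is an assumption, and all sample MACs and addresses are constructed.

```python
import re

# Constructed sample in the key=value style of "/ip hotspot host print terse"
# (format assumed; MACs and addresses are made up for this example).
SAMPLE = """\
 0 A mac-address=00:11:22:33:44:55 address=10.5.50.21 to-address=10.5.50.21 server=hs1
 1 D mac-address=00:11:22:33:44:55 address=169.254.7.9 to-address=10.5.50.87 server=hs1
 2 A mac-address=66:77:88:99:AA:BB address=10.5.50.30 to-address=10.5.50.30 server=hs1
 3 D mac-address=CC:DD:EE:FF:00:11 to-address=10.5.50.90 server=hs1
"""

PAIR = re.compile(r"([\w-]+)=(\S+)")


def parse_hosts(text):
    """Return one dict per host line; a field absent from the line stays absent."""
    hosts = []
    for line in text.splitlines():
        fields = dict(PAIR.findall(line))
        if "mac-address" in fields:
            fields["mac-address"] = fields["mac-address"].upper()
            hosts.append(fields)
    return hosts


def audit(hosts):
    """Apply the script's test (address != to-address) without removing anything.

    Returns (ghosts, duplicated): the entries the script would remove, and the
    MACs that also hold a normal entry, i.e. the double-login symptom.
    """
    ghosts, normal_macs = [], set()
    for host in hosts:
        # A missing address counts as a mismatch here.
        if host.get("address") != host.get("to-address"):
            ghosts.append(host)
        else:
            normal_macs.add(host["mac-address"])
    duplicated = sorted({g["mac-address"] for g in ghosts} & normal_macs)
    return ghosts, duplicated


if __name__ == "__main__":
    ghosts, duplicated = audit(parse_hosts(SAMPLE))
    for g in ghosts:
        print("would remove:", g["mac-address"], g.get("address", "(none)"),
              "->", g.get("to-address", "(none)"))
    print("MACs with both a normal and a ghost entry:", duplicated)
```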
Forgive me if I’m missing something, but afaik this would be caused by the mikrotik trying to catch any and all addresses (even if they aren’t in the right range) using its universal proxy.
If you set the address pool to ‘none’ under the hotspot server settings, it won’t attempt to map any strange or missing addresses to a valid address in the pool.
The mikrotik will actually spoof mac addresses for users trying to connect to other IP addresses when the address pool is turned on, forcing traffic that wouldn’t otherwise hit the router to pass through it to get to other clients.
Just my 2c worth 🙂
Andrew,
Good catch…though the customer informed me they tried this…?