Finding And Stopping Rogue DHCP Servers On MikroTik

  • Published: 7 Feb 2025

Comments • 60

  • @TheNetworkBerg
    @TheNetworkBerg  2 years ago +1

    Pinning this comment with the relevant MikroTik help docs:
    help.mikrotik.com/docs/display/ROS/Bridging+and+Switching#BridgingandSwitching-DHCPSnoopingandDHCPOption82

  • @Joshv918
    @Joshv918 2 years ago +1

    Mikrotik shouted you out!! Pretty cool! Love your videos

  • @anasa.ghannam9302
    @anasa.ghannam9302 2 years ago +1

    thanx man, very useful explanation, and nice Sepultura shirt)))))))

  • @drumer2142
    @drumer2142 2 years ago +2

    Very useful. Thank you so much for teaching us things like this 💪

  • @amaralarama
    @amaralarama 2 years ago +1

    great video and hell of a t-shirt my man 👍

  • @VladV89
    @VladV89 4 months ago +1

    Thanks for video, nice T-shirt!!

    • @TheNetworkBerg
      @TheNetworkBerg  4 months ago

      UMA CURA! Hehehe although I love Refuse / Resist and Troops of Doom a lot from Sepultura. Haven't listened to them much recently. Will definitely re-add Sepultura and Soul Fly to my playlists :D!

    • @VladV89
      @VladV89 3 months ago

      @TheNetworkBerg especially "bloody roots" 😎

  • @ahsanmuhammad7428
    @ahsanmuhammad7428 2 years ago +2

    Perfect explanation and demo !

  • @trexx_media
    @trexx_media 2 years ago +4

    ANOTHER INFORMATIVE VIDEO .....

  •  2 years ago +1

    Thank you, this with security awareness seems to increase a lot. How about a video to collect and manage logs from the MikroTik? Like ntop, Graylog and others to detect and prevent intrusion.

  • @kresimirpecar4925
    @kresimirpecar4925 2 years ago +3

    Great video as always, very informative :D I would like to have push notifications from the router... Instead of e-mail... I hope MikroTik does something about that... Aruba switches for eg can be managed from the cloud... (I think that notifications are enough)

    • @drumer2142
      @drumer2142 2 years ago +1

      In MikroTik's forum there are a lot of scripts for push notif to email, Discord ... etc

  • @petrmiskerik
    @petrmiskerik 1 year ago

    Awesome, just awesome content. Thx man ♥

  • @Red1Wollip
    @Red1Wollip 1 year ago

    Another GREAT VIDEO!

  • @miltonesss
    @miltonesss 1 year ago

    Very useful... thank you so much!

  • @vedatyilmaz4577
    @vedatyilmaz4577 2 years ago +1

    great as usual.

  • @JasonsLabVideos
    @JasonsLabVideos 2 years ago +1

    Awesome video !!

  • @drumaddict89
    @drumaddict89 2 years ago +1

    nice and compact info to cover a lot of topics (especially snooping!)
    thanks for that ... but please give the mic some space ;)

  • @javiermacias5299
    @javiermacias5299 2 years ago

    Thanks for the video, really useful

  • @reanitkhmer3325
    @reanitkhmer3325 2 years ago

    appreciated your video brother.

  • @aaronfish2691
    @aaronfish2691 1 year ago

    Love that shirt! Chaos AD!

    • @TheNetworkBerg
      @TheNetworkBerg  1 year ago

      🤘Yeah I love Sepultura! Wish I was a bit older when Max came to South Africa in 2004 with SoulFly, sadly my conservative parents wouldn't allow a 15 year old to a metal concert :P

    • @aaronfish2691
      @aaronfish2691 1 year ago

      @TheNetworkBerg I saw Max a number of times with SoulFly. It was definitely something special. I didn't see Sepultura when he was there, unfortunately. I remember when my older brother brought home the first Nailbomb album - that's some good stuff if you haven't heard of it!

  • @salembaabbad8783
    @salembaabbad8783 1 year ago +1

    U R Super Pro Expert 😊

  • @oliver1121
    @oliver1121 2 years ago +1

    That was all well and good, but how do you protect it if they keep using smokebomb and vanish?

  • @andrieshrr
    @andrieshrr 1 year ago

    Great video! What kind of virtualisation software are you using?

    • @TheNetworkBerg
      @TheNetworkBerg  1 year ago

      I use VMWare Pro as a hypervisor and the emulation VM I am running is EVE-NG

  •  2 years ago

    Chaos A.D , nice 😁

  • @AhmadAhmad-jf3wb
    @AhmadAhmad-jf3wb 2 years ago

    hello
    great lesson
    can u make lesson about best traffic shaping in mikrotik
    best regards

  • @ruyfranca8756
    @ruyfranca8756 1 year ago

    Thank you

  • @jessebustamante6620
    @jessebustamante6620 2 years ago +2

    Love your shirt!!! Love your content! Keep it metal!! Keep it nerd! Don't change!
    #CHAOS_AD

  • @pedro_8240
    @pedro_8240 1 year ago +2

    4:39 or, or, or, you do one even better, if your device has a piezo buzzer you could play Seek & Destroy.

  • @truthisunveiled
    @truthisunveiled 2 years ago

    Very good explanation, may I know what tools you are using in the dashboard?

  • @PhamTienPhong
    @PhamTienPhong 9 months ago

    I'm using router on a stick model so I also have VLAN joined a Bridge at Router. Is it necessary to enable DHCP Snooping on Router's Bridge and trust Router's ether2?

  • @IfereUbi-b1w
    @IfereUbi-b1w 1 year ago

    My scenario is a mk router, with another oem poe switch connected on port 3. The switch hosts my APs. An extender connected to the network to boost signal to grey area is behaving as a rogue server. What do you advise for dhcp snooping since it's only one port that's connected to the mk device ?

  • @shunorrr
    @shunorrr 2 years ago +1

    can you do this with pfsense?

  • @sep_sh
    @sep_sh 11 months ago

    Nice thumbnail

  • @marn200
    @marn200 1 year ago

    Wait I'm new here. 2:15 is a wireshark link integrated into the mikrotik soft/hardware? how did that work?

    • @TheNetworkBerg
      @TheNetworkBerg  1 year ago

      Unfortunately not, in this instance Wireshark is integrated with EVE-NG the network emulation software (VM) that I am running to build this topology. What makes this cool is that you run wireshark against any node so I can see the same results on a Cisco, Juniper, Huawei, HPE, etc.

  • @espeyskop792
    @espeyskop792 1 year ago

    hi very useful. If you are willing to share also the topic with option 82, it will help a lot. advance thanks.

    • @espeyskop792
      @espeyskop792 1 year ago

      additional question. if you are using option 82, you can use at least 2 switches or like you said you need more 1 router for additional requirement?

  • @antoniocerasuolo757
    @antoniocerasuolo757 1 year ago

    hi if i have 3 LAN bridges each one with its own DHCP server should i create 3 entries under ALERTS? or do i need to create one Alert and put all 3 DHCP servers in there??

  • @josepharueyingho9417
    @josepharueyingho9417 1 year ago

    Please I would really love to write scripts on my Mikrotik router, How do I go about doing that??

  • @zadekeys2194
    @zadekeys2194 1 year ago

    Easiest way to wirelessly take down a network you are testing - mikrotik as wireless bridge ; once you have internet, then on the wireless bridge enable the dhcp server for the same range and scope as the network you're connecting to... Boom, network will go down and if the core router is rebooted, the Mikrotik will reconnect and the fun will happen again.. as a PoC, you can run the Mikrotik off of a power bank, using a 5v to 12v usb to DC barrel jack cable.

  • @LoveJoyPeaceAndHopeForAll
    @LoveJoyPeaceAndHopeForAll 1 year ago

    what is the drawing tool used here?

    • @TheNetworkBerg
      @TheNetworkBerg  1 year ago

      It is a network emulator called EVE-NG, you can download and install it on a Virtual Machine, it does the same thing as GNS3. You build virtual networks that work like real networks (Because they are real images) to get a better understanding of how to configure or build your networks.

  • @AlanMillerFencepost
    @AlanMillerFencepost 2 years ago

    Would a rogue DHCP server on one of the switches still respond but be blocked? Could the switch then detect and log? Thinking about ways to block them from acting while still being able to detect them because it's an indicator of a problem.

  • @jonpinkley2844
    @jonpinkley2844 2 years ago

    Do you know how this protection is done on the switch-port level? Is it using an "extended" ACL in the switch to block DHCP offers?

  • @over-klen
    @over-klen 2 years ago

    Are you sure that port 2 on switch 1 should be made trusted? What if the rogue server connects instead of the second switch?

    • @TheNetworkBerg
      @TheNetworkBerg  2 years ago

      Then the rogue server will be able to do DHCP again, but this would mean the rogue user would need access to the physical switches and if random people can walk into switching cabinets you have more serious security concerns.
      You would also quickly pick up if half your network drops because a malicious person unplugged a switch.

    • @BattousaiHBr
      @BattousaiHBr 1 year ago

      @TheNetworkBerg i just checked the documentation, apparently sw1 ether2 would only have trusted=yes _if_ both sw1 and sw2 are using dhcp option 82, otherwise i'm assuming it would be trusted=no
      this is because when option 82 is enabled for the bridge, it will automatically discard any packet received on untrusted ports if they have an option 82 field.
      no mention on behavior of when option 82 is disabled for the receiving device, but i'm assuming it accepts any dhcp client regardless of option 82 field present or not on untrusted ports and only discards dhcp servers.

  • @Johann75
    @Johann75 2 years ago

    But why not simply isolate all users on Wi-Fi?

  • @1vanch0
    @1vanch0 2 years ago +1

    Refuse/resist rogue dhcp chaos servers ad!

  • @Anavllama
    @Anavllama 2 years ago

    If anyone added a rogue router to a work network, then that person would a. be out of a job and b. behind bars LOL not likely, but very possible at a home network.

    • @BattousaiHBr
      @BattousaiHBr 1 year ago

      what actually happens is technicians testing replaced commodity routers by connecting it to the local network and not realizing these come with a DHCP server by default, and then wonder why others start complaining that the network stopped working.

  • @ch3vr0n123
    @ch3vr0n123 2 years ago

    is by default dhcp snooping rejection logged? cisco does log by default

    • @raajseeker
      @raajseeker 1 year ago

      Yes you can do it on SW😊