whale is surfing the code



Hi! My name is Dmitry and I work with servers (Unix/Linux), networks (routers, bridges, switches, etc.) and everything else that can be connected to a PC or a network.
On this page I will post various things about all of this.
Here you will find the Mikrotik RouterOS scripts I wrote while working as an ISP administrator.
I have also built integration between Mikrotik RouterOS, MySQL and PHP using bash and expect.

2009-10-28 13:54:47

MAC monitoring bot that intelligently adds ip->arp records in Mikrotik RouterOS 2.8

Maybe this script will be interesting to someone.
Some time ago I was administering ISP routers with many clients using static IPs.
To make things more secure we added ip->arp entries binding each client IP to its client MAC.
Adding these entries manually was tedious and unreliable.
So I came up with this algorithm and implemented it as a script.

1. search for all dynamic MAC addresses whose IP is not in the whitelist (put the router's gateway subnet and trusted IPs there)
2. build a database of dynamic MACs with their corresponding IPs
3. monitor these IPs for 3 days, waiting for them to appear again
3.1. if an IP appears again with the same MAC on the second day, add it to the list of "good" IPs
3.2. if an IP appears again with a different MAC on the second day, add the IP to the blacklist (it is no longer monitored), or simply start monitoring it from scratch
4. if an IP appears again with the same MAC on the third day and is in the list of good IPs, create an ip->arp record for it

Very simple, isn't it?

But we used RouterOS version 2.8, and implementing it there takes a lot of time.
A few more words on the environment:
1. the script language is for RouterOS 2.8!
2. the routers shouldn't be rebooted for at least 3 days, so that the script can complete one monitoring cycle
3. the script can monitor N IPs simultaneously (N is set in a variable)
4. the script should be scheduled to run every hour
5. every IP in use has a disabled ip->arp record with an arbitrary MAC address (so if a user changes PC or router, you simply disable the ip->arp record and the script will monitor for the new MAC), while IPs not in use have an enabled ip->arp record with a non-existent MAC (00:00:00:00:00:00, for example).

I used two scripts: the first is the monitoring itself, and the second holds the whitelist and blacklist (they shouldn't be erased on reboot, so I stored them in a separate script).
To make things easier I don't store MAC addresses in scripts or variables; I just add a disabled ip->arp record.
The script also sends an e-mail with information about any new ip->arp record it creates.
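The workflow above, traced in Python as an added example (this is not the author's RouterOS 2.8 script, and nothing here is RouterOS syntax). The router's ARP table, hourly scheduler and e-mail step are replaced by plain data so the state machine from steps 1-4 and environment notes 3-5 can be run offline. The class and function names (ArpEntry, Watch, MacRobot, run_cycle, simulate) and the three days of ARP snapshots are constructed for the illustration.

```python
"""Python model of the 3-day IP->MAC binding workflow described above.

Added illustration, not the author's RouterOS 2.8 script: the router's
ARP table, scheduler and e-mail step are replaced by plain data so the
state machine can be traced offline. Names and the sample ARP snapshots
in simulate() are constructed for the example.
"""
from dataclasses import dataclass, field

HOURS_PER_DAY = 24
NULL_MAC = "00:00:00:00:00:00"  # placeholder MAC on addresses not in use


@dataclass
class ArpEntry:
    mac: str
    disabled: bool  # disabled = address in use, binding still unknown


@dataclass
class Watch:
    mac: str            # MAC seen on the first sighting
    first_seen: int     # hour of that sighting
    good: bool = False  # set when seen again with the same MAC on day 2


@dataclass
class MacRobot:
    static: dict                 # ip -> ArpEntry, the router's ip->arp list
    whitelist: set               # gateway subnet and trusted hosts
    blacklist: set = field(default_factory=set)
    max_watch: int = 10          # N addresses monitored at once
    watching: dict = field(default_factory=dict)
    notifications: list = field(default_factory=list)  # stands in for e-mail

    def run_cycle(self, dynamic_arp, now_hour):
        """One scheduled run. dynamic_arp is the router's dynamic ARP
        table as a list of (ip, mac) pairs; now_hour is hours since boot."""
        for ip, mac in dynamic_arp:
            if ip in self.whitelist or ip in self.blacklist:
                continue
            entry = self.static.get(ip)
            # Candidates are only addresses with a disabled ip->arp record;
            # an enabled one means the address is bound already or unused.
            if entry is None or not entry.disabled:
                continue
            w = self.watching.get(ip)
            if w is None:
                if len(self.watching) < self.max_watch:
                    self.watching[ip] = Watch(mac, now_hour)
                continue
            if mac != w.mac:
                # Same IP answering from another MAC during observation:
                # blacklist it (the alternative is to restart the watch).
                self.blacklist.add(ip)
                del self.watching[ip]
                continue
            day = (now_hour - w.first_seen) // HOURS_PER_DAY
            if day == 1:
                w.good = True
            elif day == 2 and w.good:
                # Third day with the same MAC: commit the binding by
                # replacing the disabled record with an enabled one.
                self.static[ip] = ArpEntry(mac, disabled=False)
                self.notifications.append(f"bound {ip} -> {mac}")
                del self.watching[ip]
            elif day >= 3:
                # Window over without a binding; start over on next sighting.
                del self.watching[ip]


def simulate():
    """Replay three days of constructed ARP snapshots (one run every 6 h
    instead of hourly, to keep the trace short)."""
    robot = MacRobot(
        static={
            "10.0.0.5": ArpEntry(NULL_MAC, disabled=True),   # in use
            "10.0.0.6": ArpEntry(NULL_MAC, disabled=True),   # in use
            "10.0.0.9": ArpEntry(NULL_MAC, disabled=False),  # not in use
        },
        whitelist={"10.0.0.1"},
    )
    pc_a, pc_b, pc_c = "00:11:22:33:44:55", "00:11:22:33:44:66", "00:11:22:33:44:77"
    day0 = [("10.0.0.1", "00:aa:bb:cc:dd:ee"), ("10.0.0.5", pc_a),
            ("10.0.0.6", pc_b), ("10.0.0.9", pc_c)]
    day1 = [("10.0.0.5", pc_a), ("10.0.0.6", pc_c)]  # .6 now answers from another MAC
    day2 = [("10.0.0.5", pc_a), ("10.0.0.6", pc_c)]
    for hour in range(0, 3 * HOURS_PER_DAY, 6):
        robot.run_cycle((day0, day1, day2)[hour // HOURS_PER_DAY], hour)
    return robot


if __name__ == "__main__":
    r = simulate()
    print(r.notifications, sorted(r.blacklist))
```

Two caveats for anyone reimplementing this: on RouterOS the static entry only restricts anything once the client-facing interface is set to `arp=reply-only`, so the router stops learning dynamic entries and answers only for the static ones; and an IP->MAC binding stops casual address theft, not a client who spoofs both IP and MAC. A mismatch during the observation window can also be caused on purpose to get a neighbour's address blacklisted, so the blacklist deserves a periodic look.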

MAC-ROBOT-v2.0:


MAC-ROBOT-BLACKLIST-v2.0:




So this is the script for RouterOS 2.8, but it should not take much time to rewrite it for v3 or v4.

Copyright © whale at klub dot lv