Restrict connection sharing with 'Change TTL' In MikroTik
With MikroTik we can limit how a client uses its connection, for example when we need a network setup where the connection can be used by only one device. If the client then tries to share the connection onward, it will not work.
Such a mechanism can be used to limit wireless connection sharing in public areas or hotspot services. The intent is that the connection can only be used by devices connected directly to the router and can no longer be shared from the client's device (especially by sharing the connection through another router).
So, what does the MikroTik configuration for this look like?
In outline, we change the TTL (Time To Live) value of the download packets heading to the client. Here we set it to '1'. On MikroTik this is configured in the firewall mangle menu.
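The rule described above as RouterOS CLI commands. This is an added example, not the original page's configuration; the postrouting chain, the interface name wlan1 (the AP interface facing the clients) and the passthrough setting are assumptions to adapt to your router.

```routeros
# Added example. Assumptions: wlan1 is the interface facing the clients,
# and the rule is placed in the postrouting chain so it applies to every
# packet leaving the router towards them.
/ip firewall mangle
add chain=postrouting out-interface=wlan1 action=change-ttl new-ttl=set:1 passthrough=yes comment="Set TTL=1 towards clients to block onward sharing"

# Confirm the rule is matching download traffic: its packet and byte
# counters should increase while a client is browsing.
/ip firewall mangle print stats
```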
After the above configuration is added, testing shows that directly connected devices can access the internet, while a device connected through connection sharing cannot.
Test PING from Smartphone
In the PING tests performed on both devices above, the TTL value shown is '1'. A PING test run on a device connected to the wireless client router, however, ends in 'Request Timeout'. This is because the packet heading to that device is dropped once the TTL value in its header is '0 (Zero)'.
If a PING test is run from the AP router towards a device connected to the wireless client router, an error with status 'TTL Exceeded' appears.
Conceptually, every data packet that travels through the network from a 'source address' to a 'destination address' carries a TTL value. This TTL value is reduced by one each time the packet passes through a gateway (Layer 3 device/router).