Hi! So, I'm running an OpenWRT router as a public hotspot (i.e. no password) to provide internet access to a small area in front of my house. Everything was fine until someone nearby set up a WiFi repeater (which I have neither physical nor remote access to) that connects to my open hotspot and introduces its own DHCP server, which is seriously interfering with most devices that connect to my hotspot, thus preventing them from having internet access at all.
How can I block this DHCP server from even connecting/associating to my network in the first place?
Thanks!
PS: I want to keep my network public so protecting it with WPA2/WPA3 password is not an option.
One of the -very few- cases where the MAC filter (block) may help.
Apart from that, there isn't much you can do - once they have the access credentials (as in, there are none), they can flood your network with all sorts of crap, like bogus DHCP responses.
So most likely they just want to use your public network a bit further away than your house. It is unlikely they are trying to "deny service" as there are much more efficient ways of doing that.
They have most likely inadvertently left their DHCP server running.
A good approach would be to ask around and find the culprit and help them fix the problem. They will only be a few hundred metres away at worst.
Do consider though, in almost all countries there are regulations/laws that put liability for misuse on you unless you run a captive portal to inform users that it is their responsibility not yours. A part of this is usually a requirement that you keep secure logs of devices that connect (not what they access). Come the day your local enforcement department knocks on your door, you will have the answers they need.
As a security measure, I would always activate "client isolation" for a public WiFi, so there is no traffic between clients. This will probably fix the issue, too.
Yes, though I mean there must be a way to prevent this. I've been to many airports with public WiFi networks and never found this issue. Maybe airports do have some method to prevent this? I mean, if they didn't, then anyone could just use a rogue DHCP server and wreak havoc in their connections, especially since airports are big and the 'prankster'/malicious actor could just be walking around with a battery-powered Raspberry Pi in his backpack.
In addition to WiFi client isolation, enterprise-grade switches also have features to isolate ports and to prevent rogue DHCP servers from operating on the network. This is not a feature that is typically found in lower-end switches, though.
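The check behind the rogue-DHCP-server protection mentioned above, as an added example that is not part of the original posts: it parses DHCP payloads and flags server messages (OFFER/ACK/NAK) whose server identifier is not on an allowlist. The allowlisted address 192.0.2.1, the function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"                      # DHCP magic cookie at offset 236
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values only servers send

def parse_options(payload):
    """Return {code: value} for the DHCP options in a UDP payload, {} if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return {}
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return {}
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:                     # truncated option
            return {}
        opts[payload[i]] = value
        i += 2 + length
    return opts

def check_reply(payload, allowed_servers):
    """Return a finding string for a server message from an unlisted server, else None."""
    opts = parse_options(payload)
    mtype = opts.get(53, b"")                        # option 53 = DHCP message type
    if payload[:1] != b"\x02" or len(mtype) != 1 or mtype[0] not in SERVER_TYPES:
        return None                                  # client traffic or not a DHCP reply
    sid = opts.get(54, b"")                          # option 54 = server identifier
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else "unknown"
    if server in allowed_servers:
        return None
    mac = payload[28:34].hex(":")                    # chaddr: client the reply targets
    return f"rogue DHCP {SERVER_TYPES[mtype[0]]} from {server} for client {mac}"

def build_sample(op, mtype, server_ip, mac):
    """Constructed packet: 236-byte BOOTP header, cookie, options 53 and 54, end."""
    header = bytes([op, 1, 6, 0]) + bytes(24) + bytes.fromhex(mac) + bytes(10 + 192)
    options = bytes([53, 1, mtype, 54, 4]) + ipaddress.IPv4Address(server_ip).packed
    return header + MAGIC + options + b"\xff"

if __name__ == "__main__":
    allowed = {"192.0.2.1"}                          # assumed address of the real router
    for pkt in (build_sample(2, 2, "192.0.2.1", "020000000001"),
                build_sample(2, 2, "192.0.2.200", "020000000001")):
        print(check_reply(pkt, allowed))
```

Option 54 is filled in by the sender, so this content check identifies a misconfigured device such as the repeater in this thread; the switch features mentioned above decide by the port a reply arrives on instead.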
Well basically first identify which network interface is attached to the respective Wi-Fi.
Then edit that interface and go to the DHCP Server tab, then under it, choose Advanced Settings.
You should see