Routers and white listing Mac Addresses

Hi,

I am looking for a wireless adsl router that will allow me to only allocate Internet access via a mac address white list. I have a basic Thompson Speed touch from Plusnet but this doesn't seem to have that function. 

Any suggestions guys?

Regards

Which router do you have
The one I have TG582N will do that - BUT - only on wireless connections

Edited by deleted (Fri 02-Jan-15 20:15:56)

Hi Sorry the delay,

I'm using a TG585 v7 - so this may have the function like yours. Can you remember where the whitelisting feature is held?

Regards

Keep in mind that if you have Apple devices running ios8 on your network, in some circumstances they will generate random MAC addresses and therefore won't be able to get on.

In reply to a post by Irby:

Keep in mind that if you have Apple devices running ios8 on your network, in some circumstances they will generate random MAC addresses and therefore won't be able to get on.

That seems a bit pants. All wi-fi networks I run have MAC address whitelists - home and commercial.

Routers which run DD-WRT can certainly assign a static IP address based on MAC address. See http://www.dd-wrt.com/wiki/index.php/Static_DHCP

Edited by caffn8me (Wed 07-Jan-15 13:46:15)

From the looks of it the MAC randomisation is only for when it is NOT connected to an access point. It is for when the devices are probing for potential connections when it doesn't have a known access point to connect to. When connecting to an access point it should be using it's own MAC address.

That should NEVER happen. If it is true then Apple are the ones breaking the rules - MAC addresses are allocated in blocks to manufacturers and should only be used once.

What if a "random" MAC is generated and the connection is one downloading illegal material - will the authorities go after the real MAC owner? after all, they will not know which Apple device it is.

See my post. This is only whilst the device is polling for wireless networks not when it is actively connected to one for data transfer.

Even if that is the case, it is NOT permissible.

In reference to www.techtimes.com/articles/8233/20140612/apple-implements-random-ma...:

To address the growing concerns of its users regarding privacy, Apple will begin implementing random MAC addresses upon the release of the iOS 8 mobile operating system.

In reply to a post by MHC:

Even if that is the case, it is NOT permissible.

Apparently Apple disagree.

I remember reading and signing an application for a block of MAC addresses - they are managed by IEEE. There are conditions in that which govern usage and state that a device/interface should have a single MA allocated. And what if Apple randomisation uses MAs allocated to another manufacturer? Or one belonging to a device already using/logged on to a WiFi hot spot.

More info

I think we can assume it means random within Apple-allocated blocks. However I thought the whole point of MAC addresses was that they were unique to the device. (I know about spoofing them).

In reply to a post by RobertoS:

I think we can assume it means random within Apple-allocated blocks. However I thought the whole point of MAC addresses was that they were unique to the device. (I know about spoofing them).

Even within an allocated block, it should not be done. And yes they are supposed to be device unique.

Even if Apple kept a block of their own MAs for random use, they would still be breaking/bending the rules. They cannot start using a new block until their previously allocated block has been fully (over a specified threshold) utilised.

Maybe they have a different agreement with IEEE that allows it? It could be a relatively small block of addresses as uniqueness becomes less important in this scenario (plus the temp address will only be visible in a very small geographic area).

Yes it is, as long as the LAA bit is set.

MAC whitelisting is fairly pointless and provide a false sens of security - it may stop casual connections, but cloning a device which does have access isn't hard as it is trivial to set the MAC on any Windows or Linux laptop to anything the user desires.

In reply to a post by tdw42:

MAC whitelisting is fairly pointless and provide a false sens of security - it may stop casual connections, but cloning a device which does have access isn't hard as it is trivial to set the MAC on any Windows or Linux laptop to anything the user desires.

Of course, the attacker must know the MAC address they are cloning. Where they have no physical access to an authorized device or the wired and wireless networks, things become a little bit harder. So it's not pointless.

I did say 'fairly pointless' rather than 'completely pointless', IMHO MAC whitelisting provides a false sense of security. Even on encrypted wireless networks the MAC is sent in the clear so sniffing or using a fake AP will reveal the target MACs.

MAC filtering is more about deterring the casual snooper rather than the determined hacker but that doesn't mean it's not useful. It's the same with disabling SSID broadcast.

To deal with the more determined threat, I've put other measures in place

I'm fairly sure my sense of security isn't false.

A strong password will deter a casual snooper. Anyone that can crack a strong password isn't going to have any issues with hidden SSIDs or MAC filtering. However, I wouldn't argue with anyone that wants to put that sort of additional security in place - I used to use MAC filtering but haven't in recent years - where I live it is unlikely that people would camp out to hack my wireless, there are far better and easier target locations.