How to really block devices from Wifi access?

Toggle sidebar Toggle sidebar
mrsmile

mrsmile

Distinguished
Sep 12, 2014
122
0
18,690
im using a belkin router. i already blocked all devices including my cellphone from the wifi access through internet parent control but why can i still access the wifi through my phone?

i even try adding only one device (i.e. my PC) to the MAC address filtering list and then blocking all other devices through parent control but my cellphone is still able to access the Wifi
 
Sort by date Sort by votes
techgeek

techgeek

Splendid
Apr 11, 2004
5,297
9
29,965
That is weird, I am able to quick block any computer via my router. I have a Linksys EA4500 and I can set it all up in Parental Controls.

You could instead try setting it up to only allow the MAC devices that you want, this should default to blocking all devices not on the allowed list.

What exact rounter model do you have? Have you checked to see if there is a firmware update for the router in question?
 
Upvote 0 Downvote
B

bill001g

Titan
Aug 9, 2012
28,325
2,755
125,640
Mac blocking will stop honest people basically. Mac can be spoofed...not so sure you can do it on a phone though.

This is the reason routers/ap have enterprise mode support. This uses 802.1x and a radius server to authenticate users, it can be set to even use certificates so it is almost impossible to get unauthorized devices on the net.

Still mac blocking tends to be good enough along with a good WPA password and WPS turned off in a home network.
 
Upvote 0 Downvote
techgeek

techgeek

Splendid
Apr 11, 2004
5,297
9
29,965
You are correct, it is quite easy to change the MAC address to something that's not blocked, that's why I suggested switching to an allow list instead. It becomes more difficult then, because then you need to know the MAC address of a device that is on the allow list. Even then that only works if you spoof the MAC address of a device that isn't presently accounted for on the router. Not sure what would happen if the router detected two devices attempting to register the same physical address.

If you want to get really spanky and keep devices off your network, set you network up with static IP addresses. This is what I've done. Then when you set up the IP range, don't use the common 192.168.XXX.XXX range of private IP addresses. Use the 172.16.XXX.XXX or 10..0.XXX.XXX. That way it's less likely that someone will guess what IP address range you are using. With a static IP arrangement, the person trying to get on you network via say wireless, has to know your password, then they need to know that you aren't using DHCP, then they need to know what IP address range you are using so as to pick one that they can use, then they need to know the IP address of the router (Gateway). It also helps if they know the actual subnet, but this is easier to guess than the rest. DNS addresses are easy to get, they can use Googles or OpenDNS or some other free DNS service. This takes some networking knowledge to penetrate. It also is a pain to set up initially. Once done though, you'll find managing the network is much easier. It also helps keep my kids friends off of my network unless they come see me. My kids can give them the password, but it won't connect for them until I assign them an IP address. I don't show them how it's done, I do it for them.
 
Upvote 0 Downvote
B

bill001g

Titan
Aug 9, 2012
28,325
2,755
125,640
It is trivial to steal a mac address.....my very favorite denial of service attack against a wireless system. You just spoof the router mac and spam deauthenticate all messages causing constant disconnects. Or you deauthenticate the mac and quickly get in before the real person can get in. This is the method used to steal session on open wifi.

Someone who really wants in will not be stopped by much other than protection of the encryption key. If you have compromised your key all your traffic can be captured and decoded so all traffic including IP can be seen.

The key problem with this discussion is the assumption that the encryption key has been compromised and you still want security,
 
Upvote 0 Downvote
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom