[SOLVED] How can I mac-filter smartphones if the MAC address is randomized?

Rodion15 · Jul 9, 2021

I’d like to use MAC filtering to block devices from my SOHO WIFI router. Now I found that apparently the MAC address changes to a “virtual one” (however you call this fake MAC address) as both Android and iOS phones use Mac Randomization (not sure how this works, if the MAC address changes every x hours or on each reboot?).

Is there any way I can block these devices from my router? I also have a TP-Link Deco P9 hybrid powerline-Mesh system.

Maybe I can just disable mac randomization on this devices?

I found that you can know if a MAC address is randomized by looking at the 2nd character: it would be a 2, 6, A, or E.

I use this for parental controls.

Any help much appreciated

vov4ik_il · Jul 9, 2021

Why not whitelist instead? Create a list of allowed devices and turn off dynamic mac on the ones that are whitelisted.

kanewolf · Jul 9, 2021

Rodion15 said:
I’d like to use MAC filtering to block devices from my SOHO WIFI router. Now I found that apparently the MAC address changes to a “virtual one” (however you call this fake MAC address) as both Android and iOS phones use Mac Randomization (not sure how this works, if the MAC address changes every x hours or on each reboot?).

Is there any way I can block these devices from my router? I also have a TP-Link Deco P9 hybrid powerline-Mesh system.

Maybe I can just disable mac randomization on this devices?

I found that you can know if a MAC address is randomized by looking at the 2nd character: it would be a 2, 6, A, or E.

I use this for parental controls.

Any help much appreciated

You will be much more successful by implementing parental controls on the device rather than the network. But you can do a few things that can help. Using a parental friendly DNS provider. Something like this -- https://www.howtogeek.com/79998/protect-your-kids-online-using-open-dns-2/
Don't give out your WIFI password to the kids. If they want to connect, make them come to you and YOU type in the password. Change the password periodically.

USAFRet · Jul 9, 2021

And don't allow this:

[SOLVED] - Should I allow cracked programs on my PC?

My son likes installing cracked programs on our PC (some of them are unafordable, such as Vegas Pro). Windows 10 often flags them as trojans and quarantines or recommends removing them. He insists that he checks YouTube videos and stuff and that these are just false positives. My view is that...

forums.tomshardware.com

Rodion15 · Jul 10, 2021

kanewolf said:
You will be much more successful by implementing parental controls on the device rather than the network. But you can do a few things that can help. Using a parental friendly DNS provider. Something like this -- https://www.howtogeek.com/79998/protect-your-kids-online-using-open-dns-2/
Don't give out your WIFI password to the kids. If they want to connect, make them come to you and YOU type in the password. Change the password periodically.

Interesting, I'll look at that DNS thing that when I have a gap.

Rodion15 · Jul 10, 2021

USAFRet said:
And don't allow this:

[SOLVED] - Should I allow cracked programs on my PC?

My son likes installing cracked programs on our PC (some of them are unafordable, such as Vegas Pro). Windows 10 often flags them as trojans and quarantines or recommends removing them. He insists that he checks YouTube videos and stuff and that these are just false positives. My view is that...

forums.tomshardware.com

That was sorted out by a wipe and reinstall and parental controls.

Do you have kids? Even the most pious ones do silly things that are better dealt with reason than with a slap

Rodion15 · Jul 10, 2021

vov4ik_il said:
Why not whitelist instead? Create a list of allowed devices and turn off dynamic mac on the ones that are whitelisted.

Done. Thank you.

bill001g · Jul 10, 2021

Assume your kids will quickly google how to bypass opendns especially if they are say older than 13 or 14. What you need to do is find a way to prevent them from changing the DNS server on their device. If you can't you can try if your router has a firewall block all traffic to port 53 except for the 2 IP of opendns.

This will stop the simple bypass but if they are really determined they will find host files or vpn.

Note most parental control software on routers is close to worthless. Almost all data is encrypted which prevents what was called deep packet inspection. The only other hole was to intercept DNS but chrome and other browsers now support fully encrypted DNS so that has closed that method.

Maybe better to attempt to just log what they are doing rather than block it. That way they will never know if they have bypassed you and you can tell them you monitor them and they will always be afraid you will catch them.

USAFRet · Jul 10, 2021

Rodion15 said:
That was sorted out by a wipe and reinstall and parental controls.

Do you have kids? Even the most pious ones do silly things that are better dealt with reason than with a slap

Yes....Kids + grandkids.

The 'slap' comment was metaphorical.

Search

[SOLVED] How can I mac-filter smartphones if the MAC address is randomized?

Rodion15

Distinguished

vov4ik_il

vov4ik_il

Admirable

kanewolf

Titan

USAFRet

Titan

[SOLVED] - Should I allow cracked programs on my PC?

Rodion15

Distinguished

Rodion15

Distinguished

[SOLVED] - Should I allow cracked programs on my PC?

Rodion15

Distinguished

bill001g

Titan

USAFRet

Titan

TRENDING THREADS

Latest posts

Moderators online

Share this page