How to block a certain MAC address from accessing my WiFi?

[Jaxx89]

Ok so here is what is needed to know.

System Specs:

Router: Netgear WNDR3700 v1
Wireless Card Access List enabled and limited to known device by MAC address.
Password changed regularly.

WiFi guard monitors my network and reports

However I have someone in my neighbourhood who keeps hacking into my network almost everyday and this persons MAC address is nothing but 0's

Here is the image.

As you can see the MAC address shows 00-00-00-00-00-00 and Xerox Corporation as the Vendor

This is happening despite restricting my WiFI using MAC address.
Yes somehow this person is still able to access my WiFi

So my question is,
Is there any particular way in which I can block this 00 MAC address using some third party software or any other way?
Does DD-WRT FW offer this feature?

Please help me out here guys.

 

[USAFRet]

What security level are you using on the router? WEP, WPA, WPA2?

 

[Jaxx89]

WPA2-PSK [AES]

 

[USAFRet]

While WPA2 is not 100% impossible to break, it does take significant resources. How is he getting past your security key?

 

[bill001g]

Make sure you have WPS disabled on your router.

This could just be random garbage the router is putting in this table. It is not uncommon to see junk broadcast traffic with invalid mac addresses. I would try a firmware upgrade and see if it is some silly bug. A all zero mac address I don't think is valid so I don't think it would actually be usable for anything.

 

[Jaxx89]

@USAFRet I am not sure how. Which is why I want something that can block it out.

@bill001g This is my WPS settings. Should I be deselecting the other 2 options as well?

As for the random garbage, my router is unable to show any devices under the Attached Devices section which is why I am using 2 different third party softwares to monitor.(Softperfect WiFI guard and Who's On My Wifi)

WiFi Guard had stopped showing this MAC for almost 2 months now up until 2-3 days back when it started popping back up.
I also know it isn't random garbage as the 2.4GHz light on my router starts blinking(like its in use) when this MAC pops up and I have no other devices using the WiFi at that point. I disable the SSID broadcast immediately when this happens, but unfortunately I am not around always to do so and I can't completely disable it as my parents use it when I'm not around.

The firmware on my router is up to date. And as it is v1 of the particular model, there are no further FW updates available.

So I ask again, is there any software that can allow me to block this 00 MAC or does DD-WRT support it?

 

[bill001g]

I would set the disable router pin option and really hope it does disable this. There are tools that can brute force the WPS pin in 10hrs.

DD-WRT has much better monitoring tools it can actually produce reports itself of connected machine and such.

I am going to bet this is false positive from the tools. It would be really nice if they were a little more clear how they think they can do this. They in no way can really tell what is connecting between the router and external machine. They can only tell things the PC running the monitoring software can detect. I am going to bet they are monitoring ARP broadcast and other broadcast packets. Of course if a device does not send them out they can not detect them. You see all kinds of garbage broadcast packets in a network so you have to be very careful to think they mean anything.

The only way a tool could see data being send and received to a router was to capture wireless data. Because these are windows based tools and microsoft has disabled the ability to put a wireless nic into promiscuous mode they can't be doing that. Even so the router actually does accept connections from any mac address but then quickly terminates them. This is one the known denial of service attacks against wireless. So any software that runs even on the router need to find a way to determine successful connection compared to ones that the router rejects.

Most the reason I suspect this 00000 one is a false positive is you see that all the time in wireshark captures. Certain ethernet drivers are using a hardware acceleration. The capture point is in the software and the macs are always 0000 but if you capture them at the switch after they come out the machine they have the correct address. It could easily be these tools are being lied to by the OS.