Showing results for 
Search instead for 
Do you mean 
Reply
fremitus41
Posts: 3
Registered: ‎01-27-2012

E4200 multiple unknown MAC's in filter list

I have a few desktops in my home network with a new E4200 router. 

Have to add my wifes Lenovo notebook to the net and activated MAC filtering as addition to the WPA2.

Set her MAC address in the filter list. Only one MAC is allowed to access WLAN.

An hour later I see in the Filter list four (4) different and unknown MAC adresses added to the list. (???)

Do I have to worry?  I removed them and all works well.

 

Expert
sabretooth
Posts: 5,327
Registered: ‎11-11-2008

Re: E4200 multiple unknown MAC's in filter list

You don't need MAC filtering as it does nothing for security.  As long as you have WPA2-AES you are good for the next 100 years.

somms
Posts: 129
Registered: ‎03-20-2008

Re: E4200 multiple unknown MAC's in filter list

[ Edited ]

sabretooth wrote:

You don't need MAC filtering as it does nothing for security.  As long as you have WPA2-AES you are good for the next 100 years.


This does not apply to the majority of Linksys/Cisco wireless routers w/gimped firmware unable to turn WPS off.  Their WPA2-AES can be cracked in a couple hours easy...

 



FTTH

Member of the Professional Aviation Safety Specialists Union!
fremitus41
Posts: 3
Registered: ‎01-27-2012

Re: E4200 multiple unknown MAC's in filter list

Thanks for your answer.  But it is not a question of using the MAC filtering yes or no and if it is needed.

I just wondering where the other unknown MAC addresses comes from when i use it.

Some hidden system settings, hackers or other causes?  I did not put the MACs into the router page. Just my own.

I will probably have another router within 100 years so I do not worry.

Expert
sabretooth
Posts: 5,327
Registered: ‎11-11-2008

Re: E4200 multiple unknown MAC's in filter list

You need to check all the devices in and around your home attempting to access your wireless including your neighbors to verify their MAC address if need be.  Only you will be able to tell what you have around you. 

 

As far as the WPS pin issue, yes this a problem, but not his question and it a separate issue for Linksys/Cisco routers.  Spoofing MAC addresses has been around for 15 years and is easy too.  However in the case of Linksys/Cisco routers it will make if more difficult to crack their WPS pin. 

Expert
Expert
Posts: 12,649
Registered: ‎07-16-2006

Re: E4200 multiple unknown MAC's in filter list

[ Edited ]

somms wrote:

sabretooth wrote:

You don't need MAC filtering as it does nothing for security.  As long as you have WPA2-AES you are good for the next 100 years.


This does not apply to the majority of Linksys/Cisco wireless routers w/gimped firmware unable to turn WPS off.  Their WPA2-AES can be cracked in a couple hours easy...


That is not correct. You cannot crack WPA2-AES in a couple of hours. Reaver doesn't crack the WPA2-AES keys. It cracks the WPS PIN which allows you to retrieve the WPA2-AES directly from the router. WPS is like a backdoor into the router to retrieve the passphrase. WPA2-AES is still extremely secure. If you could disable WPS the WPA2-AES network would be perfectly secured.

 

WPA2-AES cannot be cracked at this time.

 

The wireless MAC filter generally doesn't provide security. MAC addresses are always transferred unencrypted thus they are very easy to find. I would not bother with the wireless MAC filter.

 

I think the appearing MAC addresses is a bug in the router firmware. But it's difficult to tell if you don't post the MAC addresses you have found...

somms
Posts: 129
Registered: ‎03-20-2008

Re: E4200 multiple unknown MAC's in filter list


gv wrote:

somms wrote:

sabretooth wrote:

You don't need MAC filtering as it does nothing for security.  As long as you have WPA2-AES you are good for the next 100 years.


This does not apply to the majority of Linksys/Cisco wireless routers w/gimped firmware unable to turn WPS off.  Their WPA2-AES can be cracked in a couple hours easy...


That is not correct. You cannot crack WPA2-AES in a couple of hours. Reaver doesn't crack the WPA2-AES keys. It cracks the WPS PIN which allows you to retrieve the WPA2-AES directly from the router. WPS is like a backdoor into the router to retrieve the passphrase. WPA2-AES is still extremely secure. If you could disable WPS the WPA2-AES network would be perfectly secured.

 

WPA2-AES cannot be cracked at this time.

 

The wireless MAC filter generally doesn't provide security. MAC addresses are always transferred unencrypted thus they are very easy to find. I would not bother with the wireless MAC filter.

 

I think the appearing MAC addresses is a bug in the router firmware. But it's difficult to tell if you don't post the MAC addresses you have found...



This does not apply to the majority of Linksys/Cisco wireless routers w/gimped firmware unable to turn WPS off.  Their WPA2-AES can be 'obtained' easily in a couple hours...

 

Thanks for pointing this out and I have amended my previous statement above!:smileyhappy:



FTTH

Member of the Professional Aviation Safety Specialists Union!
fremitus41
Posts: 3
Registered: ‎01-27-2012

Re: E4200 multiple unknown MAC's in filter list

<<

I think the appearing MAC addresses is a bug in the router firmware. But it's difficult to tell if you don't post the MAC addresses you have found...>>

 

Mac 1 and 2 are my desktops. They have no Wireless capability.
Mac 3 and 7 are my laptops. Wireless connect.
Mac 4, 5, 6 and 8 are the unknown.
I only entered the 3 and 7 into the filter page.

 

ScreenHunter_01 Jan. 27 22.27.jpg

RogerSC
Posts: 485
Registered: ‎08-01-2009

Re: E4200 multiple unknown MAC's in filter list

Don't forget the not-obvious wireless devices that you may have (not laptops or smart phones).  I switched to tomatoUSB firmware on my e4200 because of the WPS exploit, which also makes identifying odd MAC addresses a little easier.  For example, I forgot about my wife's Kindle, and our Roku box is also there, as well as my iPhone and an ethernet bridge that I use to connect a Verizon Network Extender.

 

With the tomatoUSB firmware, you can go into the "device list", and click on [oui] for each MAC address that you can't immediately identify, and that gave me enough information to identify them all.  Except for my wife's Kindle, which drove me crazy until I remembered it and went and checked the MAC address on it manually...the results from using the oui search were not useful for that one device.

 

If you're using WPA2/AES, I'll bet that all the MAC addresses that you see are in your house somewhere.  Of course, if there's someone sitting out front of your house or apartment in a car with a laptop cracking your WPS pin, that's another problem *smile*.  One that I don't have with tomatoUSB firmware, but I just saw that Linksys says that they'll have new firmware that allows really turning off WPS in early March *smile*.  After using the tomatoUSB firmware for a while, I don't think that I'll be going back to Linksys firmware.