Jump to content

Device 'MAC' Address


Recommended Posts

For a while now i have been using a wireless network watcher. this gives me a list of devices that are using my internet router. It's use was just to make sure the younger members of the household weren't secretly using the games console or mobile devices when they shouldn't. most devices give their identity, ie, what it is, and even make and model. however, some devices do not. It also logs first time device logs on to network, as well as the last or current time. ALL devices however give their 'MAC' address. 

So my query relates to...

There is a device I do not recognise. there is a 'MAC' address, and the log times. but that's it. hoping that someone hasn't hacked into my internet router, and it's innocent. I know one approach is to reset the router password, but just curious to what this device is...

62-4E-A2-EB-7E-21

the above is the 'MAC' address. i believe this is unique  to each device and the first few characters identify make and model.

a bit of searching has proved fruitless, even though there are sites which claim to be able to identify these details.

searching goes into details about 'OUI' and so forth.

anyone on here can give me a pointer?

also if it wasn't wise to give out a full 'MAC' address on a public forum, let me know!

TIA

Link to post
Share on other sites
2 hours ago, sometimewoodworker said:

Almost all Routers allow you to blacklist Mac addresses, so the easiest thing to do is to blacklist that MAC address and find out what stops working.

thanks for that @sometimewoodworker. you say 'almost all...' mine doesn't it seems. i've logged into it, searched through all options, and the nearest thing i can do to a blacklist (i think) is a 'static lease'. i've put one suspect device information into this, and will wait and see if that stops it. i turned off the router overnight, and the suspect device hasn't appeared online as yet. i will wait and see what happens. 

the router i have is a technicolor, so not an all singing dancing one. i'm due to change it soon (January'ish) so hope to get a better one. 

if limiting the static lease time to 120 seconds (minimum) for the device doesn't work, then i guess i will have to live with it...for now.

thanks for your help once again TVF guys.

Link to post
Share on other sites
3 hours ago, OneMoreFarang said:

Google mac address lookup

But like @RichCor wrote above, that does not work with all MAC addresses.

 

done that, believe me i've searched and searched, even going to the IEEE webpage, no joy. seems there are many 'ghost devices' out there.

Link to post
Share on other sites
3 hours ago, jastheace said:

thanks for that @sometimewoodworker. you say 'almost all...' mine doesn't it seems. i've logged into it, searched through all options, and the nearest thing i can do to a blacklist (i think) is a 'static lease'. i've put one suspect device information into this, and will wait and see if that stops it. i turned off the router overnight, and the suspect device hasn't appeared online as yet. i will wait and see what happens. 

the router i have is a technicolor, so not an all singing dancing one. i'm due to change it soon (January'ish) so hope to get a better one. 

if limiting the static lease time to 120 seconds (minimum) for the device doesn't work, then i guess i will have to live with it...for now.

thanks for your help once again TVF guys.

The static lease time will have no effect.

however making sure that you have a WPA password protected connection and changing the password to something like 

“m!Q_GmLMZ.9aJ3Y3AiYvrri6” will ensure that only authorised devices are able to connect.

Link to post
Share on other sites

@sometimewoodworker

YEY!!!

having changed my router name and password and the same on the 5G bit, when i scrolled down a bit further, i found the 'Access Control List', options include 'blacklist' and 'whitelist'. so have added the suspect MAC's to that also. should be all good now. 😘

Many thanks !!!

Link to post
Share on other sites
4 hours ago, jastheace said:

as you said, made no difference, neither did ToD settings. 

I've copied and pasted the password suggestion so only TV users can hack in. 👍🤫

If you want a more secure password then just add an underscore a 6 character word and an underscore somewhere in that.

& am I permitted a small  “I told you so”? 😉 

Edited by sometimewoodworker
  • Thanks 1
Link to post
Share on other sites
12 hours ago, jastheace said:
15 hours ago, OneMoreFarang said:

Google mac address lookup

But like @RichCor wrote above, that does not work with all MAC addresses.

 

done that, believe me i've searched and searched, even going to the IEEE webpage, no joy. seems there are many 'ghost devices' out there.

It only confirms that the device you see has no "official" MAC address. And likely that device will be able to generate a new MAC address as soon as it needs it - if you block the current MAC.

Maybe just use a white list with devices and MAC addressed which are allowed in your network. If someone buys a new device and wants to use it they can contact you and you can add the address - if you want.

  • Thanks 1
Link to post
Share on other sites
8 hours ago, OneMoreFarang said:

It only confirms that the device you see has no "official" MAC address. And likely that device will be able to generate a new MAC address as soon as it needs it - if you block the current MAC.

Maybe just use a white list with devices and MAC addressed which are allowed in your network. If someone buys a new device and wants to use it they can contact you and you can add the address - if you want.

good idea. will do that if it happens again, just want to see if it happens again first though.

i may change my supplier in January, which means a new router, so probably -if no problems in the mean time- will do all that at the same time.

scary that someone can log into my router and use my broadband even though the security is something like 'WPA2+WPA' (can't remember exactly, but something like that). as i said, hoping it was 'innocent', but even with the kids out, and turned off the house power except the router, the device still existed.

and @sometimewoodworkeryou can give a large portion of 'I told you so', this time anyway.

the access control list only came to light when logged into the router as 'engineer', initially i was in as 'admin' so some functions were hidden.

anyway, all good now, fingers crossed. 😍 cheers again guys.

Link to post
Share on other sites
5 minutes ago, jastheace said:

even though the security is something like 'WPA2+WPA'

 

Unfortunately a 'vulnerability' for WPA was found in 2008 and one for WPA2 was discovered in 2018. So if one of your family members isn't the one giving out the passcode then it's a simple hack away.   :sad:

 

New Method Simplifies Cracking WPA/WPA2 Passwords on 802.11 Networks

BleepingComputer | By Lawrence Abrams | August 6, 2018 

 

Setting your router to use only WPA2 and providing it a long/complicated random alpha/num/char (as previously suggested) and WHITLISTING authorized connection devices should keep unwanted users at bay. 

 

  • Thanks 1
Link to post
Share on other sites
26 minutes ago, RichCor said:

 

Unfortunately a 'vulnerability' for WPA was found in 2008 and one for WPA2 was discovered in 2018. So if one of your family members isn't the one giving out the passcode then it's a simple hack away.   :sad:

 

New Method Simplifies Cracking WPA/WPA2 Passwords on 802.11 Networks

BleepingComputer | By Lawrence Abrams | August 6, 2018 

 

Setting your router to use only WPA2 and providing it a long/complicated random alpha/num/char (as previously suggested) and WHITLISTING authorized connection devices should keep unwanted users at bay. 

 

Humm

the important point is

Quote

It should be noted that this method does not make it easier to crack the password for a wireless network. It instead makes the process of acquiring a hash that can can be attacked to get the wireless password much easier.

So yes you can now get the hash, you are absolutely correct.

But that is extremely unlikely to help much if a random selection of characters have been used.
 

So government level computing resources have a better chance of getting access, but no, nobody is doing a drive by crack of your access point.

 

also whitelisted MAC addresses, by itself, is no protection against someone with minimum ability as they are transmitted in the clear and spoofing a MAC address is a trivial exercise, it is similar to not transmitting your SSID as a security option, yes it will stop grandma if she’s not a skilled user but not her grandkids.

Link to post
Share on other sites
2 hours ago, jastheace said:

good idea. will do that if it happens again, just want to see if it happens again first though.

i may change my supplier in January, which means a new router, so probably -if no problems in the mean time- will do all that at the same time.

scary that someone can log into my router and use my broadband even though the security is something like 'WPA2+WPA' (can't remember exactly, but something like that). as i said, hoping it was 'innocent', but even with the kids out, and turned off the house power except the router, the device still existed.

and @sometimewoodworkeryou can give a large portion of 'I told you so', this time anyway.

the access control list only came to light when logged into the router as 'engineer', initially i was in as 'admin' so some functions were hidden.

anyway, all good now, fingers crossed. 😍 cheers again guys.

I am not sure, but maybe the list of connected devices shows any device which wants to use your WLAN.

Technically any device establishes a connection and then a password must be entered. But there is already some kind of connection. I don't know when a connection is officially called a connection, only if the password is correct or already before that when the device tries to connect.

 

One thing what you can do in at least some routers is to monitor which device is using which services. I.e. in my home I have of email use and my girlfriends has GBs of watching YouTube. You should see what the unknown device is using - or maybe not using anything because of a wrong password. 

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...