Wildcard for MAC-Filters?

[Bonny]

I'am using an MAC-Address-Filter in my local WLAN-router. i know, it dosen't boost security much, but anyway... I got 2 chinese devices (Tablet & Smartphone) who change their MAC-Address every time they boot up. So i have to register them new every time

Question: Is the a way to enter a wildcard MAC Address into the router, so that he allows all addresses that (for example) start with 03:21:00 - And the last 3 values can be anything?

I already tried this...

03:21:00:**:**:**
03:21:00:??:??:??
03:21:00:*
03:21:00:**:**:**
03:21:00:

But the rounter dosen't accepted anyone of that...

Is there a solution for this Problem?

 

[tech3475]

What router?

 

[Bonny]

DON CH6640E

https://anonym.to/?https://images.g...nterbrochen-besetzt/1_big.jpg?v=1490176251000

--------------------- MERGED ---------------------------

English User Guide:

https://anonym.to/?https://ktech.no/CG6640E_User_Guide_English.pdf

 

[FAST6191]

Manual's page on mac filtering says only 20 devices so can't presumably do the create every viable one and go from there. If it is limited to 20 it probably does not have a fun thing in the HTML management setup. Can't rule out some undocumented function within telnet management or something.

That said why are using mac filtering? It is generally considered all but useless. Indeed the only use I have ever found is if you are doing some kind of isolated and free network setup (think two ports beside each computer, one able to access whatever it likes, the other locked to the network with all the goodies on, secure network mac blocked from internet one in case someone gets the bright idea to swap ports to get all the internet on the main supposed to be secure machine)

It looks like you can have up to 4 guest wifi networks. Can you maybe use one of those instead?

Alternatively maybe buy a secondary router and lock that down as necessary for the other devices.

 

[Bonny]

Thanks for looking into my issue so deeply, i'll guess i'll set up an other Network for those 2 devices... or as you suggest: Maybe stop the whole MAC Filtering at all. Has it really no regarding in security at all?

 

[FAST6191]

Maybe stop the whole MAC Filtering at all. Has it really no regarding in security at all?

Your experience alone says how sacred mac addresses really are.
In a technical sense then I guess Windows made it marginally harder to spoof them a few years back, though in practice... https://www.groovypost.com/howto/change-mac-address-windows-10-why/ . Linux, which is what runs all those nice wireless cracking programs, has no such qualms.

You might also get the security by obscurity factor. Today most will not likely have encountered mac address filtering and not immediately think to snatch it and fake one, and possibly knock another offline to steal theirs, though if they are blindly following a guide it will possibly include such a step. However security by obscurity is not security at all.

About the only use it has is allowing your friends or someone non technical to join your wifi and not have the change the password for all the other devices on it afterwards if you don't want them using it after they have gone. Assuming you don't need them to access network shares (though even then you might have options) you have guest network options for a reason though, several of them in this. With mac addresses you can do a few more fancy things in some routers (it will be one of the things many of the "free half hour, pay after that" type setups use, and those "fill in our survey/join our mailing list" thing you might get redirected to in a restaurant) but this is not that, though some consumer ones might allow you to assign bandwidth to different ones.

 

[Bonny]

Your experience alone says how sacred mac addresses really are.
In a technical sense then I guess Windows made it marginally harder to spoof them a few years back, though in practice... https://www.groovypost.com/howto/change-mac-address-windows-10-why/ . Linux, which is what runs all those nice wireless cracking programs, has no such qualms.

You might also get the security by obscurity factor. Today most will not likely have encountered mac address filtering and not immediately think to snatch it and fake one, and possibly knock another offline to steal theirs, though if they are blindly following a guide it will possibly include such a step. However security by obscurity is not security at all.

About the only use it has is allowing your friends or someone non technical to join your wifi and not have the change the password for all the other devices on it afterwards if you don't want them using it after they have gone. Assuming you don't need them to access network shares (though even then you might have options) you have guest network options for a reason though, several of them in this. With mac addresses you can do a few more fancy things in some routers (it will be one of the things many of the "free half hour, pay after that" type setups use, and those "fill in our survey/join our mailing list" thing you might get redirected to in a restaurant) but this is not that, though some consumer ones might allow you to assign bandwidth to different ones.

Thanks for the detailed reply!