For queries about your TalkTalk broadband service.
on 15-02-2024 07:53 PM
Hi,
I can see some mac addresses on my network I do not recognise and I am suspicious of, because I added all my devices one at a time and named them something I recognise. I am concerned these unknown devices may be 3rd parties or hackers.
How can I drop them from the network or even ban their mac addresses from connecting?
Thank you.
on 27-02-2024 11:07 AM
Morning,
How are you getting on?
Thanks
Michelle
on 24-02-2024 02:43 PM
Hi @Divsec
I changed the wifi password, NOT the SSID, and also the admin password, then restarted the gateway.
I don't think knowledge of the SSID should make much of a difference should it? The device would still need to authenticate with the router before accessing the network? If it does, how is it important?
Then I configured ALLOW in Access Control to add specific mac addresses, because if I ALLOW ALL these additional mac addresses appeared.
on 24-02-2024 02:12 PM
Hi @entheos good to hear things are improving. Did you actually change the ssid and password? In the WiFi settings rather than the router password?
24-02-2024 02:07 PM - edited 24-02-2024 02:30 PM
Thanks @Divsec that was a good suggestion.
I did that - changed the router and admin console password and lo and behold, there were still some mac addresses that were appearing which I can't account for.
Because the TalkTalk admin interface is so pathetically restrictive, and you can't just kick people off or ban individual mac addresses from the network (which after a reset would solve the problem), I have had to resort to Access Control to ONLY ALLOW the mac addresses that I configure to participate on the network.
This HAS SOLVED the issue, but I am still concerned how these mac addresses were accessing the network, even after a password change and reboot.
This is IMHO overkill. It would be much easier to be able to "DENY ACCESS" in the same way as assigning a static IP address, or changing the name of a device into a friendly name (come on TalkTalk, bring in this functionality). If we could have a DHCP network, with WPS functionality, but also allow an easy way to ban a specific unknown mac address, that would be vastly better.
I've checked my Mac which is healthy in terms of malware.
I wondered whether a less well-known device like a fridge was joining the network, but I don't have any such smart devices. Also, the IP addresses were changing as well as staying the same, suggesting different devices joining at different times.
I have since been wondering whether the iphones in the house advertise a different mac address to the physical address stated in the settings of the phone. This is the only explanation I can think of, and it was corroborated here:
https://superuser.com/questions/1759196/how-do-networks-identify-iphones-when-their-mac-addresses-ar...
My questions now are:
1. If I restrict access to physical mac addresses, how do I manage the network to accommodate phones that change their addresses each time? I run the risk of restricting access, which has currently happened - our phones can only work on wifi through the wifi extender, and not via the main network!
2. If I were to open up the network again, how can I determine whether an unknown mac address belongs to a specific phone, and how can I manage that, or trace back the mac address to confirm that it's my son's phone for example? Can I do that in the TalkTalk admin panel somehow (imagining not)?
It seems one solution may be to turn off the function on the iphone that uses different mac addresses, but then that is restricting the security on the iphones themselves. I may try this later.
Thanks for any help anyone can give, whether from TalkTalk or knowledgable user.
Best wishes.
on 15-02-2024 08:14 PM
Hi @entheos least technical way would be to change your WiFi password? Pita if you have lots of devices.