DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

MAC Address Filter Limit Vigor 2860n

  • nairnmonster
  • Topic Author
  • Offline
  • New Member
  • New Member
More
29 May 2020 16:04 #96260 by nairnmonster
MAC Address Filter Limit Vigor 2860n was created by nairnmonster
Hi,

I've looked on manuals and internet but can't find an answer. Why is MAC address filtering limited to 64 entries and is there a way to increase this?

Basically, I live in a area with a large number of houses around me. When I see someone has tried to access my either of my SSID's (One visable and one hidden) I black list their MAC address (Yes I know they can easily spoof another, but it's is just another layer of protection).

Basically, the list is getting quite full and need to start thinking about new ways to defend.

Any help or advise would be great.

Thanks as always

Steve

Please Log in or Create an account to join the conversation.

More
30 May 2020 01:03 #96262 by hornbyp
Replied by hornbyp on topic Re: MAC Address Filter Limit Vigor 2860n

nairnmonster wrote:
Why is MAC address filtering limited to 64 entries and is there a way to increase this?


I can't answer the 1st part and suspect the answer to the 2nd part is probably "no" :cry:

but he also wrote:
Basically, I live in a area with a large number of houses around me. When I see someone has tried to access my either of my SSID's (One visable and one hidden) I black list their MAC address (Yes I know they can easily spoof another, but it's is just another layer of protection).

Basically, the list is getting quite full and need to start thinking about new ways to defend.



So is this a common occurrence? (I'm guessing we're talking about a student suburb - rather than 'normal' neighbours?)

Is your current strategy effective? ... do you think you've had (approaching) 64 separate 'attackers' - or one attacker, who tried 64 times? - that might influence your next move...
...If it's just one, maybe you could setup a honeypot, that would let them connect in to a network that offers access to nothing at all :wink: ... then you could start to investigate them.

You could think about enabling the "Strict bind" option in "Bind IP to MAC", so they can't get a DHCP address (in concert with an 'unexpected' network address, such as a 10. or 172. range, so they can't guess at a static one).

Or you could move away from the simple "Shared Key" to an 802.1x implementation - but, obviously, this isn't trivial.

One simple solution, might be to re-position the Router so that its signal does not travel too far in unintended directions. (ISPs in particular, seem to like to boast about how 'powerful' their Wifi is - Personally, I thought it was highly undesirable when I discovered that a Virgin Media Super Hub was accessible 50m away!...)
(If necessary, you could lower the "TX" power on the 2860n - but this might reduce connectivity inside your house)

Please Log in or Create an account to join the conversation.

More
30 May 2020 10:52 #96263 by piste basher
Replied by piste basher on topic Re: MAC Address Filter Limit Vigor 2860n
Just out of interest how do you know when someone has tried to access your wifi? Are you using WLAN syslog?

Please Log in or Create an account to join the conversation.

More
08 Jun 2020 22:38 #96322 by admin
Replied by admin on topic Re: MAC Address Filter Limit Vigor 2860n
And tried to access...but presumably failed because they don't know your password...so why bother ?



Forum Administrator

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami