
Kids bypassing Parental Controls (Time Scheduling) via band switching & MAC randomization on AiMesh

Rana Imran

Occasional Visitor
Hi. I’m looking for some advice on how to secure my Parental Controls. I am currently running an AiMesh setup and relying on Time Scheduling to manage internet access for my kids' Apple and Android devices at night.
  • Main Router: Asus RT-AX82U (Firmware: 3.0.0.4.388_25101)
  • AiMesh Node 1: Asus RT-AX82U (Wired backhaul)
  • AiMesh Node 2: Asus DSL-AC68U
  • General Config: All of my family's devices are normally connected to the 5GHz band. Guest Networks 2 & 3 are active (2.4GHz).
I have Time Scheduling set up under Parental Controls to block the kids' devices at a specific time. However, when the lock time hits, the kids simply switch their Wi-Fi connection over to the 2.4GHz band and bypass the block entirely, regaining full internet access.

I assume this is happening because switching bands triggers iOS's "Private Wi-Fi Address" and Android's "MAC Randomization" features. The router sees a brand-new MAC address, assumes it's a new device, and grants it unrestricted access outside of my Parental Control rules.

I thought about using Wireless MAC Filtering or assigning Manual IPs. However, because both Apple and Android devices can rotate their MAC addresses, a standard "Reject" MAC filter or static IP assignment won't work? They will just generate a new MAC and bypass the filter again.

Has anyone found a bulletproof workaround for this on ASUS firmware? Any advice would be greatly appreciated!

Thanks in advance.
 
Confiscate the kids' devices for a period of time as punishment for their enabling or activating the randomized MAC on their devices and bypassing your Internet/WiFi rules. Be the parent and not their friend.

Another workaround is to change all the WiFi passwords and make sure not to give them to the kids. Do not have any open WiFi networks, password protect everything with strong passwords. Change the passwords frequently if the kids are discovering the password(s).

Another possible option. Every non-kid WiFi device should have its MAC randomization disabled. Then include all those WiFi devices in the MAC filtering allow list on the non-kids WiFi. Hopefully this way the kids' devices will be rejected for not being on the allow list. There are still ways around this, and it does add some extra work for you to set up an allow list for all your WiFi devices, but it adds one level of complexity for the kids to overcome.

In the end though you have a kid violating your rules problem not a router problem. Trying to solve that problem using the router to avoid dealing with the kid violating your rules is just a band-aid on the underlying issue.
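
An added example, not part of any post in this thread and not ASUS code: a small audit for the allow-list suggestion above. It classifies clients by the locally administered bit that randomized MACs set, and also flags allow-list entries that are themselves randomized and will stop matching when the device rotates. The dnsmasq-style lease lines and all addresses are constructed sample data.

```python
import re

MAC_RE = re.compile(r"(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}")

# Constructed sample input: "<expiry> <mac> <ip> <hostname> <client-id>"
SAMPLE_LEASES = [
    "1700000000 3c:22:fb:10:20:30 192.168.50.10 parents-laptop *",
    "1700000300 da:a1:19:4b:7c:02 192.168.50.23 * 01:da:a1:19:4b:7c:02",
    "1700000600 f4:5c:89:aa:bb:cc 192.168.50.31 tablet *",
    "garbage line",
]
# Constructed allow list; the second entry is itself a randomized address.
ALLOW_LIST = ["3C:22:FB:10:20:30", "d2-11-22-33-44-55"]

def normalize(mac):
    """Return a lower-case, colon-separated MAC, or None if malformed."""
    mac = mac.strip().lower()
    return mac.replace("-", ":") if MAC_RE.fullmatch(mac) else None

def is_randomized(mac):
    """True when the locally administered bit (0x02 of the first octet) is set.
    Randomized/private Wi-Fi addresses set it; so do some manually assigned
    and virtual-interface MACs, so treat this as a strong hint, not proof."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(lease_lines, allow_list):
    """Classify each leased client as allowed, randomized or unknown."""
    allowed = {normalize(m) for m in allow_list} - {None}
    report = []
    for line in lease_lines:
        fields = line.split()
        mac = normalize(fields[1]) if len(fields) >= 4 else None
        if mac is None:
            continue  # skip blank or malformed lines
        if mac in allowed:
            verdict = "allowed"
        elif is_randomized(mac):
            verdict = "randomized"  # new private address, not on the list
        else:
            verdict = "unknown"     # hardware address, not on the list
        report.append((mac, fields[2], fields[3], verdict))
    return report

def unstable_allow_entries(allow_list):
    """Allow-list entries that are randomized and will break on rotation."""
    return sorted(m for m in map(normalize, allow_list) if m and is_randomized(m))

if __name__ == "__main__":
    for row in audit(SAMPLE_LEASES, ALLOW_LIST):
        print(*row)
    print("unstable allow-list entries:", unstable_allow_entries(ALLOW_LIST))
```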
 
@Rana Imran Don't worry, I'm sure some sanctimonious stranger on the internet will come along and start giving you parenting advice. Because obviously they know more about your family circumstances than you do and their parenting skills are superior to your own.
 
Just change the SSID and Password of the 2.4GHz band and don't give it out to anyone.
 
So I had the same issue but ended up making 2 blocks, one for the NIC MAC and one for the Wireless MAC. I was not aware of a MAC Randomization other than a spoof. Dang.
 
