What's new

New device accessing network with various MAC addresses on used IP address

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

randye007

Occasional Visitor
Hi All,

I have a situation where a device is accessing one of my home networks on an IP address used by my son's iPhone. It comes in on the same IP address every time when my son's iPhone is not connected. Every time it comes in with a new MAC address I cannot lookup. This has happened 4 times in the last 3 months. Thankfully, I have a Fing device which, by default, blocks all new devices that have not been confirmed by me. In addition, I have Wireless MAC filtering enabled on my Access Point along with standard wireless security (WPA3).

How is this possible and what is the intent?

If it is a wireless device, the wireless MAC filtering would have denied access. However, if MAC spoofing was being used, wouldn't the device be using the iPhone MAC address and not some random MAC address?
How is it even successfully coming online in my network (but being blocked by Fing)?

Thanks for any advice on this ...
 
Hi All,

I have a situation where a device is accessing one of my home networks on an IP address used by my son's iPhone. It comes in on the same IP address every time when my son's iPhone is not connected. Every time it comes in with a new MAC address I cannot lookup. This has happened 4 times in the last 3 months. Thankfully, I have a Fing device which, by default, blocks all new devices that have not been confirmed by me. In addition, I have Wireless MAC filtering enabled on my Access Point along with standard wireless security (WPA3).

How is this possible and what is the intent?

If it is a wireless device, the wireless MAC filtering would have denied access. However, if MAC spoofing was being used, wouldn't the device be using the iPhone MAC address and not some random MAC address?
How is it even successfully coming online in my network (but being blocked by Fing)?

Thanks for any advice on this ...

Could it be the client is using random MAC addressing, an Apple security feature... check the client's network settings.

OE
 
Could it be the client is using random MAC addressing, an Apple security feature... check the client's network settings.

OE

Thanks for the quick reply!

Yes - the iPhone is using Private Addressing. They way I understand it works is that a random MAC address is assigned to each new WiFi network the iPhone connects to. However, the MAC address shown in the iPhone settings under Private Addressing (for this particular network) is not what's showing up when this new device is connecting. Am I maybe not understanding this functionality correctly?
 
Thanks for the quick reply!

Yes - the iPhone is using Private Addressing. They way I understand it works is that a random MAC address is assigned to each new WiFi network the iPhone connects to. However, the MAC address shown in the iPhone settings under Private Addressing (for this particular network) is not what's showing up when this new device is connecting. Am I maybe not understanding this functionality correctly?

I'm not familiar with random MAC addressing behavior. If the IP is your client, then I think you have it figured out... except how to simplify your oversight of it... is MAC filtering worth the admin overhead?

OE
 
Turn off private addressing on the phone for this network.

Is that a 'per network' setting? The powers to be apparently feel that private addressing is advisable.

OE
 
In theory, an iPhone using "private addressing" should continue to use the same randomized MAC address each time it connects to a given network. If you see the MAC address changing, then either the phone thinks it's seeing a new network or it just forgot the previous randomized MAC address. I have seen my wife's iPhone and iPad change their randomized MAC addresses recently for no obvious reason --- maybe an iOS update triggered it? But all our other iDevices have held steady for quite some time.

Anyway, if you are trying to filter on MAC address then it's not worth the hassle of dealing with this. Just turn off "private addressing" for your house network and then use whatever the phone's real MAC address is. I think it is a good idea to enable private addressing for outside networks for privacy's sake, but obviously that consideration doesn't apply to your own net.
 
Thanks for the quick reply!

Yes - the iPhone is using Private Addressing. They way I understand it works is that a random MAC address is assigned to each new WiFi network the iPhone connects to. However, the MAC address shown in the iPhone settings under Private Addressing (for this particular network) is not what's showing up when this new device is connecting. Am I maybe not understanding this functionality correctly?

Not sure with iPhone but android rolled out a feature you can enable that randomizes it every time it connects, even to the same network - so Apple may have done the same.
 
once associated - it does not change on ios unless the user takes action to either forget the network, or reset network settings...

Possibly coming soon to an iphone near you though. Android added it at some point recently (disabled by default). I think it was with 13 but maybe 12.
 
you're guessing - you don't know for certain, do you?

This is kinda like trump - those russians might have an issue with ukraine, but it's only possible...

Yeah I'm 100% guessing, that's why I said "possibly". I have no idea, I don't track anything to do with Apple. Just mentioning that Android has it and the two tend to copy each other eventually.

I don't have enough money to pay off porn stars.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top