Discussion in 'Tomato Firmware' started by piyaphon, Mar 28, 2008.
How to block Mac changer Program? Or I can block computer name?
Use WEP or better yet, WPA... MAC filter is at best only one step better than unprotected. WEP isn't too far ahead either....
My guess is the OP is having a problem with someone using a program like this:
and wants to know how to block traffic from the computer that keeps changing its MAC address, probably in an effort to circumvent MAC address blocking that the OP has put in place.
Certainly you can't 'block the MAC address changing program', but some scripting might do the trick...a cron job to ping the machinename (if you can resolve it from the router), extract the IP, then replace a rule in iptables by inserting the IP derived from the ping command might be implementable...unfortunately I am not a scripter...maybe I'll learn... :smile:
The marginal benefit of using MAC Filtering is simply not enough for the effort used in implementing it. You are better off using WPA/WPA2 encryption.
True. Mac filtering/WEP isn't that bad as a first line of protection since that will keep out most everyone and likely try some other unprotected router. However, once you find someone determined to use your router, then it's time to use WPA...
You can try the script generator:
to make a script that will only give bandwidth to the MAC addresses that are entered.
if you ever come back....
Tomato has the ability to block based on MAC address...now it seems you are trying to block a computer where the MAC address keeps changing. Assuming this computer is on your internal LAN, why not just use the Access Restriction page to create a rule that will deny all Internet access to any MAC other than those you want to have access. Collect a list of all the devices that you wish to allow access to the internet, create a rule that denies access 'All Day, Every Day' to 'All Except', and enter your list. The only way your 'bad guy' will be able to access the internet will be to spoof the MAC of a machine already on your network. It's not perfect, but it might help....
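The 'All Except' allow-list described in the post above, written out as iptables commands. This is an added example, not part of the thread and not Tomato's own Access Restriction code; the chain name `macallow`, the LAN interface `br0` and the MAC addresses are assumptions or constructed sample values. As the post notes, a client that spoofs a listed MAC still passes.

```shell
#!/bin/sh
# Added example: print a default-deny MAC allow-list as iptables commands.
# Assumptions: chain name "macallow", LAN interface "br0", constructed MACs.

# Print the normalised (upper-case, colon-separated) MAC; return 1 if malformed.
normalize_mac() {
    mac=$(printf '%s\n' "$1" | sed 'y/abcdef-/ABCDEF:/')
    # Reject any stray character (including newlines) before the shape check.
    case "$mac" in *[!0123456789ABCDEF:]*) return 1 ;; esac
    printf '%s\n' "$mac" | grep -Eq '^([0-9A-F]{2}:){5}[0-9A-F]{2}$' || return 1
    printf '%s\n' "$mac"
}

# Print rules that let listed MACs through and drop all other forwarded LAN
# traffic. Malformed entries are skipped with a warning; duplicates collapse.
build_allowlist_rules() {
    chain=$1; lan_if=$2; shift 2
    seen=""; rules=""
    for raw in "$@"; do
        if ! m=$(normalize_mac "$raw"); then
            echo "skipping malformed MAC: $raw" >&2
            continue
        fi
        case " $seen " in *" $m "*) continue ;; esac
        seen="$seen $m"
        rules="${rules}iptables -A $chain -m mac --mac-source $m -j RETURN
"
    done
    # An empty list would cut off every client, so refuse to emit it.
    [ -n "$seen" ] || { echo "no valid MACs; not emitting a drop-all" >&2; return 1; }
    printf 'iptables -N %s\niptables -F %s\n' "$chain" "$chain"
    printf '%s' "$rules"
    printf 'iptables -A %s -j DROP\n' "$chain"
    printf 'iptables -I FORWARD -i %s -j %s\n' "$lan_if" "$chain"
}

# Demo with constructed addresses: one duplicate and one malformed entry.
build_allowlist_rules macallow br0 \
    02:00:00:00:00:01 02-00-00-00-00-0a 02:00:00:00:00:01 not-a-mac
```

The function only prints the commands, so the output can be reviewed before anything is applied on the router.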
I assumed that was what he was talking about. A person using a mac changing program sounds like someone who's trying to spoof an address to gain access to the router that's been set to allow access to only certain computers/mac addresses...
(I guess it would help if he actually went into a little more detail on what he was doing.. Like if he's restricting access to only certain mac addresses or if he's blocking certain mac addresses from access...)
I used to allow only certain MAC addresses, hoping it would add some security when I was only doing WEP encryption. I still had one client device that couldn't do WPA. While it adds some security, it does little to stop the determined. At one time MAC spoofing was harder but you have to assume now that anyone can spoof any MAC and there is no way to tell. After I went to WPA with a strong key, I turned off the MAC filtering since it's a pain to maintain and figured I was losing nothing of value.
My guess is the OP is trying to restrict bandwidth by MAC/IP and someone that has access is getting around the restrictions. Either that or the OP is running an open AP and trying to blacklist abusers.