Visitor

4 Messages

Thursday, December 1st, 2022 6:06 PM

Closed

MAC Address Filtering is Not Working

Hello,

I have a teenager that is using MAC address spoofing to circumvent the "device pause" feature I enabled for his devices in the Xfi App. I have repeatedly changed the WiFi password, hidden the SSID, and disabled WPS but he continues to be able to find and log onto the network.

I have MAC Address filtering set to only allow devices to connect if the specific MAC address is listed, and yet he is still able to connect to the network.

I need some help.

Best regards.

Accepted Solution

Problem Solver

1.5K Messages

2 years ago

You're not going to be able to fix that problem with Xfinity gear.  Your kid is smart, or one of their friends is, and they also crowdsource defeating parental controls on the internet.  Short of a sledge hammer on the devices?

The specific option you are looking for is on the DHCP server itself (deny unknown mac addresses), plus firewall rules to block everything else, sites and set schedules.  What you'll need?  A plain ole 3rd party cable modem (not a gateway with WiFi), a firewall appliance (build it or buy one), and depending on how large the WiFi coverage area is, either an Ethernet WiFi router or a mesh network system if you need range extenders currently.

Learning curve on your part.  For a firewall, look at netgate.com or opnsense.org.  You can build one with a junk PC or buy a small firewall appliance from netgate for around $200.  Read the docs.  Firewall controls all access on the internal network including the WiFi router.

For the short term, your Xfinity admin account is probably compromised and they are able to login as you, they check the account, and see the WiFi password.  I don't know if a secondary email account can login and see the WiFi settings or not, or perhaps they're using the phone app to see it on their phone or your phone. 

It's a failing with Xfinity, a web app to control critical infrastructure is a really really poor idea, and a local attacker with physical access is the hardest one to defeat.

You're going to have to up your game.

(edited)
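
The allowlist idea from the accepted answer (deny unknown MAC addresses at the DHCP server), as an added example that is not part of the original thread or any vendor's code: a Python audit of a lease listing against a list of known devices. The MAC addresses, lease lines and the three-column format are constructed for illustration; real firewalls store leases in their own formats.

```python
import re

# Assumption: MAC addresses of the household's known devices (constructed values).
ALLOWED = {"3c:22:fb:10:20:30", "f0:18:98:aa:bb:cc"}

# Constructed sample lease listing: MAC, IP, hostname per line.
LEASES = """\
3c:22:fb:10:20:30 192.168.1.20 family-laptop
F0-18-98-AA-BB-CC 192.168.1.21 living-room-tv
da:a1:19:4e:77:01 192.168.1.57 *
00:1b:63:84:45:e6 192.168.1.58 unknown-console
not-a-mac 192.168.1.59 junk
"""

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


def normalize(mac):
    """Lower-case, colon-separated form, or None if not a valid MAC."""
    mac = mac.strip().lower().replace("-", ":")
    return mac if MAC_RE.match(mac) else None


def locally_administered(mac):
    """True when bit 0x02 of the first octet is set. OS 'private' or
    randomized Wi-Fi addresses set this bit; factory addresses do not."""
    return bool(int(mac[:2], 16) & 0x02)


def audit(lease_text, allowed):
    """Return (mac, ip, reason) for every lease not on the allowlist."""
    allowed = {normalize(m) for m in allowed}
    findings = []
    for line in lease_text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        mac = normalize(fields[0])
        if mac is None:
            findings.append((fields[0], fields[1], "malformed"))
        elif mac not in allowed:
            reason = "unknown-random" if locally_administered(mac) else "unknown"
            findings.append((mac, fields[1], reason))
    return findings


if __name__ == "__main__":
    for mac, ip, reason in audit(LEASES, ALLOWED):
        print(f"{ip:15} {mac:18} {reason}")
```

A lease flagged `unknown-random` is a device presenting a generated address rather than its factory one, which is the case an allowlist at the DHCP server is meant to refuse.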

Visitor

4 Messages

@flatlander3 Thank you for the quick reply. The kid is definitely smart and I can believe they crowdsource overcoming parental controls. I'll look into the firewall path.

Problem Solver

1.5K Messages

2 years ago

Another thing I should tell you about is you can physically lock up the firewall in a box to prevent tampering, don't ever save the password for it in a browser to prevent them from logging into it, but that only controls the network you have in your house.

Xfinity also has 'hot spots' on their gear -- open access to other Xfinity customers is built into Xfinity gear.  If they have an Xfinity login, they can connect to the neighbor's house if they left that feature enabled and it's in range.  Phone hot spot, and tethering to most phones works just fine too.

Keep that sledge hammer handy.

Visitor

3 Messages

2 years ago

Same issue here with teenager bypassing WiFi restrictions with a change of MAC address. Does Xfinity/anyone have a solution other than what Flatlander suggested, which seems like a lot of work lol

Thanks

(edited)

Visitor

3 Messages

1 year ago

Any updates on how to stop a change of MAC address to get around restrictions? Anyone or Xfinity?
