Community Forum

MAC address filtering for TG1682G, bug?

Frequent Visitor

MAC address filtering for TG1682G, bug?

I just found out that for TG1682G, MAC address filtering options "Allow All" and "Allow" are the same thing. I think this is a bug in the firmware of the device. To elaborate:


In the menu selection of "Gateway > Connection > WiFi" of the TG1682G router, the description therein, quoted, is as follows:

 

MAC Filter Setting is specific to each Network Name (SSID). Select a MAC Filtering Mode.

* Allow- All (Default): All wireless client stations can connect to the Gateway; no MAC filtering rules.
* Allow: Only the devices in the "Wireless Control List" are allowed to connect to the Gateway.
* Deny: Wireless devices in the "Wireless Control List" are not allowed to connect to the Gateway.

 

The setting which I've selected is "Allow", the middle one.


So, I brought my work laptop home and on it, selected my home network, connected and entered the WIFI password. The problem is that it connected to the internet right away. I was expecting that the laptop would not be able to connect to the router at all, unless I had added the MAC address to the allowed devices list. However the laptop was able to connect, obtain an IP address via DHCP and reach the outside world, the Internet. That is, even if devices know the WIFI password, they shouldn't be able to connect to the router, unless either,
* the "Allow" option is selected and their MAC address has been added to the "Known devices" list, or

* the "Allow All" option has been selected, in which case knowing the WIFI password is all that's needed.

 

And herein I believe lies the bug. The behaviour above, seems to be consistent with "Allow All" setting. But I've selected "Allow"--meaning, I'm expecting to have to click on "Add" under the "Learned devices" list, to add it to the "Known devices" list in order to allow the laptop to connect to the router, obtain an IP address and subsequently reach the outside world.


This is the behavour I'm used to--I've had this router for the past 4 years, and I remember previously, I've done the exact same thing with other devices and I've had to login to the router and add the MAC address to the known devices list manually or select "Add" from the learned devices list, before the device was able to obtain an IP address and reach the outside world. (I've always had "Allow" the selected option in the "MAC filtering" section.)


This seems to me to be a bug in the firmware. This is the firmware version the router shows to be running at the moment:


eMTA & DOCSIS Software Version:10.1.11.SIP.PC20.CT
Software Image Name:TG1682_2.7p6s2_PROD_sey
Advanced Services:TG1682G
Packet Cable:2.0


Can anyone suggest a solution, or if this is a legitimate bug, file one with the developers?


TIA.

Frequent Visitor

Re: MAC address filtering for TG1682G, bug?

Bump.

 

Anyone know where I can file a bug with the firmware team of the TG1682G?

 

I believe this is a bug in the firmware where "Allow All" is the same as "Allow" setting.

Expert

Re: MAC address filtering for TG1682G, bug?

I’ve having a similar problem with MAC address filtering through xFi. No device is pausing at all. Even after 10 minutes. Currently I’m writing this via a supposed to be paused device.
Frequent Visitor

Re: MAC address filtering for TG1682G, bug?

Yeah, unless the device's MAC address is in the Allowed devices' list, it shouldn't be able to connect to the WIFI router, regardless if it knows the WIFI password or not. <-- This is how it used to be for "Allow" option, which is the one I've always had selected.

 

I called customer support and they recommeded I get xFi. I declined.

 

So it appears that both have the same bug, and subsequently I'd presume both device's firmware comes from the same source code containing the bug.

 

This is a big security bug. If they don't fix it, I'm thinking of buying my own modem and returning this rental back to Comcast--it'll save me $10 per month, plus no buggy MAC filtering firmware.

Regular Visitor

Re: MAC address filtering for TG1682G, bug?

I've talked to Comcast about this. It is not a bug. It simply is a feature they do not want to give.

 

On this related subject, were you aware that all new modems from comcast have a hidden 2nd attenna that are broadcasting free wifi with no password needed? Yup! It's called a "Public Hotspot" and they are rolling this out across the USA.

You can read more about that here:

https://www.itworld.com/article/2858142/mobile-wireless/dont-want-your-comcast-router-to-be-a-public...

 

I suspect that mac filtering is something they don't want so anyone passing by can up your usage, lower your bandwidth and tax your electricity. In effect they are making your home a business asset of theirs. 

 

What reason would they have to do this, well the spin the operators give is that "everyone will have extended access to the internet anywhere they go where other comcast customers reside". But how will anyones device be recognized? My friend visited the other day, he doesn't use comcast but his phone connected to the "wifi xfinity hotspot". This means your house is now a public antenna. Seeing as how there are no mac filters I just don't see how that applies in the least. Sounds like B-S to me. The fact that we are paying $10 a month for the modem to make a hotspot for comcast is ludicrious. All to offer it's traveling customers free internet using your property, your installation @ $70.00 per technician visit for internal infrastructure work and your electricity. I'm sure the guy who thought of this got a corner office.

 

So then I asked the support person "what stops me from just cancelling my comcast and mooching off of my neighbors... Her answer "It won't be as fast or reliable".


The other benefit to xfinity is less technical support. Example; When lamers who don't know how to connect to their own network or know their own wifi password, won't need to drive up comcasts support queue costs because there will always be a password free "Xfinity WiFi" available for their devices. And at a lower bandwidth thereby costing less when used in lieu of the broadband they are paying for. Times that over millions of lamers using the 2ndary antenna and you've got significant profits and overhead saved.

 

So that prompted me to start monitoring all mac's connected to my private network. Since I can't use a "MAC FILTER", which is the best way to secure your wifi incase intruders make it past your password (which has been in use for over 20 years by most standard routers) I felt it was neccessary to keep tabs on it.

I found a very odd mac address connected 00:05:04:03:02:01. So I googled it and wouldn't you know there are many other comcast customers wondering what the heck that mac is too!

Strange mac: http://forums.xfinity.com/t5/Your-Home-Network/unknown-node-on-my-LAN/td-p/2407079

 

Finally after much reading I found one answer with no explanation "it's a comcast firewall". Since when does a software firewall need a mac address? I am wondering if it is related to that the 2nd hidden "PUBLIC HOTSPOT" antenna. All this time I thought "Xfinity WiFI" was some dip neighbor who didn't put a password on their router. Nope, it was mine all along. I've been getting pimped out by comcast! And you probably are too! Unscrupulous!


If you don't feel ripped off and bent over I think you need to re-think this thing.  So then I looked into it more and found there have been lawsuits. Even with that they are still doing this. This is what happens when the oligarchy has unlimited funds in  politics for bribery. A monopoly that allows big companies to do whatever they want. Soon your freedoms of choice will all but be a thing of the past. At least that is where I see this going.

 

Lawsuit article: http://www.sfgate.com/business/article/Comcast-sued-for-turning-home-Wi-Fi-routers-into-5943750.php

Frequent Visitor

Re: MAC address filtering for TG1682G, bug?

Solved!

 

Bought my own equipment. Connected and installed!

 

MAC address filtering works like a charm with the 3rd party wifi router.

 

Decreased my monthly bill by $10, as I'm no longer renting Comcast's equiment.