Hi,

I've looked on manuals and internet but can't find an answer. Why is MAC address filtering limited to 64 entries and is there a way to increase this?

Basically, I live in a area with a large number of houses around me. When I see someone has tried to access my either of my SSID's (One visable and one hidden) I black list their MAC address (Yes I know they can easily spoof another, but it's is just another layer of protection).

Basically, the list is getting quite full and need to start thinking about new ways to defend.

Any help or advise would be great.

Thanks as always

Steve

nairnmonster wrote:
Why is MAC address filtering limited to 64 entries and is there a way to increase this?

I can't answer the 1st part and suspect the answer to the 2nd part is probably "no"

but he also wrote:
Basically, I live in a area with a large number of houses around me. When I see someone has tried to access my either of my SSID's (One visable and one hidden) I black list their MAC address (Yes I know they can easily spoof another, but it's is just another layer of protection).

Basically, the list is getting quite full and need to start thinking about new ways to defend.

So is this a common occurrence? (I'm guessing we're talking about a student suburb - rather than 'normal' neighbours?)

Is your current strategy effective? ... do you think you've had (approaching) 64 separate 'attackers' - or one attacker, who tried 64 times? - that might influence your next move...
...If it's just one, maybe you could setup a honeypot, that would let them connect in to a network that offers access to nothing at all :wink: ... then you could start to investigate them.

You could think about enabling the "Strict bind" option in "Bind IP to MAC", so they can't get a DHCP address (in concert with an 'unexpected' network address, such as a 10. or 172. range, so they can't guess at a static one).

Or you could move away from the simple "Shared Key" to an 802.1x implementation - but, obviously, this isn't trivial.

One simple solution, might be to re-position the Router so that its signal does not travel too far in unintended directions. (ISPs in particular, seem to like to boast about how 'powerful' their Wifi is - Personally, I thought it was highly undesirable when I discovered that a Virgin Media Super Hub was accessible 50m away!...)
(If necessary, you could lower the "TX" power on the 2860n - but this might reduce connectivity inside your house)

Just out of interest how do you know when someone has tried to access your wifi? Are you using WLAN syslog?

And tried to access...but presumably failed because they don't know your password...so why bother ?