Skip to content →

HOWTO: Restrict unwanted access to your router

If you own or use a wireless router, you probably know about the security issues surrounding the use of a wireless network. In it’s most basic sense, the router transmits an Internet connection wirelessly to any device that can receive the signal within a proper range. That means, with an open network, anyone can connect to your router and use your Internet connection if they have a wireless card and are in range. That means external people can use up your bandwidth, AND, they may carry out malicious activity on your account. There are various security features to help keep routers protected. If you don’t care too much about the security of your data (as in packets being sent over the network), but you do want your wireless signal to be restricted, then I have an easy solution. It’s called MAC Address filtering (also called the Access List on my router).

mac-filter1.jpg

Get your MAC Addresses

The first thing you need to do it collect your MAC Addresses from all of the computers you want to ALLOW on the network. In Windows, open a command windows and enter the command ipconfig /all. You may also follow a previous tip I wrote about and enter cmd /k ipconfig /all into the Run box. Scan through the output for the line “Physical Address“. Write down the number/letter sequence on that line and keep track of them all. The Physical address is another name for a MAC (Media Access Control) address, because the MAC is unique for each piece of hardware and burned into it.

Create your “Access List”

Now it’s time to put the list together. Each router is different. My Netgear calls MAC filtering the “Access List.” Find your version of the access list and enter your respective MAC addresses into the list.

mac-filter2.gif (click image to enlarge)

What it does and doesn’t do
This method is intended to keep only the people you trust connected to your router. There is no encryption with this method. Any person not on the list will not be able to connect to the network.

This method does not include encryption, so any packets that are sent over a network can be sniffed. This means anyone outside the network can use a packet sniffer to try to see what you’re doing. This probably won’t happen, but I’m just wanring you that this method does not involve any encryption.

mac-filter3.jpg

As you can see, the network is considered “Unsecured” since there is no encryption. To anyone, it looks like they’ve found free Internet access, but when they try to connect, they will get a message saying they are unable to connect.

Published in security

3 Comments

  1. SomeGuy SomeGuy

    A good idea. However, I think that any ‘malicious’ person could simply find out the MAC of a client on the network. Then spoof their own MAC to be the same as the client’s MAC. Then they could connect to you’re network as if there was no protection at all. If you knew what you were doing, you could probably gain access in a few minutes.

    I’d recommend a nice and long WPA key to keep people like myself out.

  2. Anti-Christ Anti-Christ

    I think that people shouldn’t be so fucking rude by hacking others, people who pay good money, work hard and do things legally for there internet and computers, you are all sad fucks and really need to get a better grasp on life because allll this hacking shit is fucking up the world and even though you might think its all jolly and dandy its not! you are causing problems and thee problems people DO NOT NEED! So when you’re hacking someone think about this “What if I was bein hacked, what if it was my computer/bandwidth being stolen and used by another person?” then you will kno what that person is thinking about you and how we all fucking hate you for doing such a fucked up thing to us!

    You hackers are the scum of the net, you all sicken me.

Leave a Reply

Your email address will not be published. Required fields are marked *

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.