D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] MAC address on Android


On 13/01/14 23:15, bad apple wrote:
On 13/01/14 23:04, George Parker wrote:

WPS is not enabled and I've now set wifi to WPA2 only.  Set top box?
Games console? Who they? No, I definitely don't have any other devices
out in the wild. I'll keep an eye open for any more untoward activity.
Although I suppose I could block that Mac address
I think your recent experiences should have taught you that relying on
MACs to stay reliably static and therefore blockable doesn't work very well!

I'm a bit shocked - if I had unrecognised and potentially
intruder-indicating IPs on my network I'd be in full panic/DEFCON1 mode,
you seem pretty calm though.

Not sure where you were getting your connected clients list or exactly
what it's showing, but isn't it likely to be just a list of recent
connections from your router's admin web interface? With your phone
switching MACs repeatedly it's probably had several different IPs
associated with it very recently - perhaps the .7 address is simply one
of those.

I would really, really *really* be making sure if I were you though.
Have you at least nmap'd the address, or even just pinged it to make
sure there's anything there?


I get the connected clients list from the router. The phone always has a MAC address starting 00:08:22: so the .7 wasn't that. In fact, that MAC wasn't there the day before when I first saw the changing MAC problem. I rebooted my router after I set WPA2 and the rogue MAC has not reappeared.

Google tells me that it is not uncommon for an android device to have a script which sets the MAC when connecting to wifi with a fixed first 3 octets and random for the next 3.

The Mailing List for the Devon & Cornwall LUG
FAQ: http://www.dcglug.org.uk/listfaq