Hi,
the MAC addresses are completely random. So macvendors.com does not say anything. Today MAC address no longer serves as hardware signature. It is a software issue. You can spoof MAC address on any device. On Android phone, on Windows. You can even spoof MAC address of your Turris router very easily through Luci interface…
The problem persists even if I have MAC address filtering on my wifi. So we can rule out all my “smart gadgets” (Android, Windows, Blackberry…), because they all connect through wifi. If any of these devices tries to connect with fake MAC address, it would be rejected by the router.
This leaves us with only two possible suspects:
- NAS (running with custom “Alt-F” firmware)
- Turris.
I have three questions, if anyone can help:
- Majordomo is fine, but I need more data. Is it possible for majordomo to log through which network interface the connection was made? At the moment, majordomo does not distinguish between devices connected through wireless interface or ethernet port or other interfaces (such as vpn).
- Is it possible to set MAC filter on other interfaces then just wireless?
- Is it possible to write some script which would alert me whenever there is new (unknown) device (= new fake MAC) establishing connection? I am just a user and my linux skills are limited.
Thank you very much for your help!