nonnumericdave
Apr 14, 2018 | Initiate
How do you whitelist MAC addresses on the XR500
I just purchased the XR500, and after performing the basic setup, I'm trying to figure out how to whitelist MAC addresses. I see I can blacklist a MAC address from the "Device Manager", but that is ...
Killhippie
Apr 14, 2018 | Prodigy
ACL was removed in the latest firmware, I believe it had some stability issues. MAC address filtering provides no real security, rather like hiding your SSID, but it does provide a false sense of security in my view. It is so easy to spoof by someone using, say, Kali Linux and Wireshark, for instance. There are even videos on YouTube to show how to do it! You really are better off using something like an 8-16 character ASCII WPA2 password. Also, some operating systems use MAC address randomisation, like Apple for instance, and MAC filtering can actually make connection to the router more problematic.
- nonnumericdave | Apr 14, 2018 | Initiate
Thanks for clarifying what happened to this feature.
I totally agree that MACs are easy to spoof. But I would not downplay the security of MAC whitelists. An attacker would either have to identify a whitelisted MAC that is currently not in use or attempt to take the resource from an already-authed whitelisted MAC, at which point the original device would probably attempt a reauth. The additional element of timing in both cases makes this attack difficult in practice.
But really, I am super disappointed that Netgear would remove a documented feature due to a bug, rather than address it with a fix. There are two or three pages in the manual dedicated to this feature. From the sounds of it, it may never be reintroduced.
- Netduma-Fraser | Apr 14, 2018 | NetDuma Partner
I don't work for the Netgear Development team, which covers settings; I can only speak for the Netduma team for DumaOS features. Likely it was removed for the last firmware as it was too late to fix for that release.