6

I've only got a basic idea about networking, Google is my teacher.

  • Router: Tenda D303
  • Location: India
  • Connection: BSNL Unlimited 1Mbps broadband.

Friends and relatives visit me often, and connect to my Wi-Fi while they're here, just for WhatsApp or emails, and nothing heavy. I tell them the WiFi password; WPS is disabled. Only I know the password to the router management page.

Since the last week or so, the connection has been very slow in my house.

  • At least 30 devices were seen in the DHCP table, even though almost 25 of them weren't in my place at the time. So I changed the DHCP lease time from the default 24 hours to 3. Speeds didn't improve.
  • Even with the 3-hour lease times, at late nights I notice at least 5 or more MAC addresses titled "DELL" connected, even though there are only two DELL laptops in my home.
  • Changed the Wi-Fi password twice, still see the strange "DELL"s in the list at nights.
  • Googled the MAC addresses, couldn't find any reliable info about them.
  • Used MAC filtering to ban 5 of these odd "DELL" addresses. They're still in the list.

Also, tried resetting, rebooting all the concerned devices, and the router at home. No improvement whatsoever.

I fear that these 5 odd MAC addresses are the cause for slow internet. What can be done?

Anders
  • 64,406
  • 24
  • 178
  • 215
NVZ
  • 141
  • 3
  • 13
  • Should I post here the MAC addresses? What screenshots would help clarify the question? Is it off-topic here? What tags suit this better? – NVZ Sep 20 '16 at 16:54
  • Does the router support bandwidth monitoring per device or even all traffic within a timeframe? If I am not mistaken then this router is a DSL router and DSL is known to be naturally slow. If you are using it as a 3G router then it is possible that the cell phone tower might be having issues. – MonkeyZeus Sep 20 '16 at 19:37
  • Are you using VirtualBox (for example) and do you have any virtual machines in your laptop? Virtual machines could explain extra mac addresses even after changing passwords. – V.Hedman Sep 20 '16 at 18:18
  • No, I'm not aware of any such things on my network. – NVZ Sep 20 '16 at 19:25
  • 1
    "I tell them the WiFi password; WPS is disabled." Then what kind of authentication scheme *are* you using? WEP? Something else? – jpmc26 Sep 20 '16 at 21:14
  • 4
    Also, what's the *information security* component here? The basic question here seems to be "slow network speeds." That seems much more like a superuser.com question. – jpmc26 Sep 20 '16 at 21:22
  • @jpmc26 I tell my friends and relatives the password while they're here. I use the WPA2-PSK / AES type. My question is, what are these unknown MAC addresses, and are they the cause for the slow internet? Also see [my first comment here](https://security.stackexchange.com/questions/137313/cannot-identify-or-block-unknown-mac-addresses?noredirect=1#comment256172_137313) and [here](https://security.stackexchange.com/questions/137313/cannot-identify-or-block-unknown-mac-addresses?noredirect=1#comment256181_137316) – NVZ Sep 21 '16 at 02:09
  • @NVZ He was asking because if you were using WEP you can assume that all your neighbourhood has access to your wifi and thus it's normal to see extraneous MAC addresses. – Bakuriu Sep 21 '16 at 06:59

3 Answers3

10

Four possibilities come into mind for your slow internet.

  1. Your neighbors are using your wifi (e.g., you are using weak security on your router like WEP or are using very weak guessable passwords - wifi passwords can be broken offline so you need strong passphrases, or your router has a backdoor your neighbors are aware of)
  2. Your neighbors are using their own router and wifi at a high rate and it is interfering with your own wifi (both operating on same part of the bandwidth)
  3. You have some sort of malware (or user installed software that uses a lot of network traffic like bittorrent) installed on one or more of your systems that is using a high amount of network traffic
  4. Your ISP is highly congested and isn't providing the advertised speed to you (due to multiplexing with other users).

To test, I'd first disable the wifi radio signal on the router and try to connect using a computer with an ethernet connection. If it's still slow, then most likely its an issue with your ISP being slow. However, it's also possible that it's due to malware (or other background software) on the one computer directly connected to the internet using a lot of traffic. You can test the malware theory by analyzing network traffic (e.g., with wireshark) or trying other computers as the only computer on your network or moving the computer to another network.

If it's not slow anymore, you can test all the computers you have on your network by directly connecting to the router via a wired connection. If all of them have fast speeds, then it's not malware on any of your computers. It's then probably either radio interference or neighbors connecting.

For radio interference you can possibly use a better router (e.g., 802.11ac handles interference better than 802.11b/g), changes the channel (small changes to frequency), switch to 5 GHz from 2.4GHz, move the computer closer to the router and/or use RF shielding to block signals from neighbors. There are tools and mobile apps to see if your area has a lot of wifi congestion; you may want to take a look at these and change your channel.

For neighbors connecting, you can use a stronger passphrase (e.g., at least 5 random words), possibly try a new router and/or use RF shielding.

dr jimbob
  • 38,768
  • 8
  • 92
  • 161
  • Thank you, very helpful. I'll try each of these and report back later. :) – NVZ Sep 20 '16 at 17:35
  • Currently, the router is on 802.11n only mode, since all my devices work well in that; I don't see any WiFi access points from my neighbours when I scan; I'm always using WPA2-PSK / AES passwords; my devices are close to the router; nobody downloading big files while I'm sorting this out. – NVZ Sep 20 '16 at 17:37
  • I have a follow-up question: http://security.stackexchange.com/q/139792/97789 – NVZ Oct 14 '16 at 18:45
4

Before you spend more time trying to fix the anomalous MAC address issue I'd suggest verifying it's the problem. Can you use wireshark to actually check that traffic is passing to/from the devices? (I would have made this a comment but for reasons I can't comprehend you require more reputation to comment than to answer)

You could also try switching to fixed (non-DHCP) IP addresses at least temporarily so that you can precisely control who has access and see if that resolves the speed issue.

user1781837
  • 41
  • 1
1

Instead of banning MAC's Look to see if your modem has a whitelist for MACS. Downside you'll have to add each family member device mac address before they can use it.

Mark
  • 11
  • 1
  • 2
    Thanks. Tried that as well. Besides, I don't have access to those computers now. It's been 3 years since I asked this Q. – NVZ Mar 21 '19 at 04:19