Bypass MAC address internet time filtering?

Question

My brother disabled my internet access for my devices from 10pm - 6am. The internet on his devices still work 24/7. I am still connected to the WiFi but there is no internet access because he did a MAC address time filter. I use my iPhone and my laptop.

Is there any way to get around this?

Questions asking to break the security of a specific system are off-topic. I would suggest taking this up with your brother, or talking to your parents. Or maybe you should sleep while the network is off. — forest, Jul 22 '18 at 00:52
The interpersonal aspect blurs the lines a bit. When people are being abused and manipulated, and having access to network resources held over them as an element of control (which may or may not be the case here, but take a look at the hot questions on parenting.SE for a depressing look at how common this is), internet access can be a lifeline. It may be more constructive at that point to view it as asking for advice on overcoming a denial-of-service attack, rather than asking for advice on bypassing access control. — user371366, Jul 22 '18 at 04:38
You seriously need to talk to your brother/parents. If your bypassing rules set by your parents you will probably be punished more strictly. No phone/laptop for a month or etc I wouldn't risk it. If your brother made the rules up without your parents consent they will tell him to stop it. — cybernard, Jul 22 '18 at 16:49
He turned off my internet access because he doesn’t want me staying up late:( also I don’t know my router admin password because he changed it — Jimmy Bahoe, Jul 22 '18 at 21:24
You may want to ask a question here - https://interpersonal.stackexchange.com/ - to achieve what you want without recourse to something that may create conflict with your brother. — camden_kid, Jul 23 '18 at 08:35

score 62 · Answer 1 · edited Jul 23 '18 at 16:32

You can defeat your brother's access restrictions, either by a timing-attack or side-channel attack.

In a timing-attack, you wait for a sufficient time, your brother will remove the MAC filtering for your device.

If you cannot wait for the time-based attack to succeed, you can use a side channel attack and connect to the internet via an alternative channel, such as GSM or a friendly neighbor.

Joke aside, MAC spoofing is a way to overcome MAC filtering. Since MAC-filtering is (usually) only tied to the MAC-address assigned to a network interface controller, you can change your MAC-address to match the one of an unfiltered device. This is a relatively easy process, but can cause harm (Denial of Service), depending on network equipment and configuration.

On wired networks, switches are usually only designed to forward traffic destined MAC-address to one port. If multiple ports have the same MAC-address, the network logs might contain warnings of MAC-flapping and alert the administrator. This blog post demonstrate how the network can become unreliable for devices that share the same MAC-address.

On wireless networks, sharing the same MAC-address usually do not lead to the same problems as on a wired network. The reason for this is that the wireless network is a single network port (a single radio interface) with multiple connected devices. There are no alternative ports for packets to take as long as both devices are connected to the same access point over WiFi.

Sometimes, you also have to clone the IP-address of an unfiltered device (this is also dependent on the network devices that handle MAC-addresses). This can lead to another set of problems:

If your network adapter is set to DHCP, you might be issued the same IP-address as your target device.
You and the target device can get visual warnings about IP-address conflict.
Your and the target device might drop connections that belong to the other.

If possible, try to use statically configure the adapter to use an unused IP-address. If you absolutely have to also spoof the IP-address, wait for the device to disconnect from the network. There is a tool called CPScam that is used to bypass captive portals (which most commonly use MAC-filtering). This tool will monitor the network for active devices, and alert you whenever a device leaves the network. If you impersonate a device that is no longer on the network, it should not cause harm or alarms, at least not until it reconnects.

Depending on the number of available resources and their characteristics, brute-force attack against the brother might work as well. — alecxe, Jul 22 '18 at 00:25
@JimmyBahoe You attack him like a brute and force him to turn off the filtering. — Barmar, Jul 23 '18 at 00:02
@JimmyBahoe [This XKCD comic](https://xkcd.com/538/) describes the "brute force attack" mentioned above. — March Ho, Jul 23 '18 at 01:15
I guess he can also use "Man(*of the house*) In The Middle" attack, and ask his dad to intervene. :P — Mohd Abdul Mujib, Jul 23 '18 at 06:47
Ahh...yeh, lets also not forget the good ol' `fishing` technique, where you treat your brother to a nice smokey bbq'ed fish and he removes the block, and If he doesn't budge then go for the best tool in the "younger siblings toolkit", DoS attack, which refers to your Denial Of any Service he requests, like bringing moar fish from the kitchen etc. This should totally work. — Mohd Abdul Mujib, Jul 23 '18 at 06:54

score 19 · Answer 2 · answered Jul 21 '18 at 23:15

19

You could change your MAC address to something different. If he simply blacklisted your MAC addresses, it should be sufficient enough to generate a random address. If he whitelisted his own addresses, you can change your MAC address to that of one of his devices. Note that if there are multiple devices using the same MAC address simultaneously, the involved devices will likely experience connectivity issues.

Changing your MAC address depends on your platform, and I do not think this is possible to do on an iPhone. There is plenty of information out there on how to do this on a desktop or laptop, however.

answered Jul 21 '18 at 23:15

multithr3at3d

12,355
3
29
42

Do u know how to spoof MAC address on windows ? – Jimmy Bahoe Jul 21 '18 at 23:36
3

Should be easily researched online. Usually it can be done from the particular network adapter's settings. – multithr3at3d Jul 21 '18 at 23:46
1

@JimmyBahoe: Check your network adapter properties in device manager. Usually there is an option to change the MAC address. – Xaqron Jul 22 '18 at 00:44
2

What about getting the MAC address of a device that the brother doesn't dare to mess with but that is typically not functioning at night like a parents desktop computer? – trognanders Jul 22 '18 at 07:18
Alternatively just mess with his MAC, so that he can't use the internet either until he removes the restriction. Counter-Offense is the best defense! – Peter Harmann Jul 22 '18 at 11:16
Also he uses this app called fing which shows all the connected devices and their MAC address etc – Jimmy Bahoe Jul 22 '18 at 21:26

score 5 · Answer 3 · answered Jul 22 '18 at 12:35

5

Reset the router.

MAC blocking is not an effective means of censoring internet access if you already have physical access to the router, which is likely since you live in the same home.

There is usually a physical button recessed into the device that you can press with a paperclip to reset it. This will allow you to regain access by resetting it to factory settings. The exact location of this button varies by device.

However, it is important to note that your brother will likely notice that the MAC filters (or other configurations) have been removed, and put them back on and/or bar you from physically accessing the router.

answered Jul 22 '18 at 12:35

March Ho

1,675
1
12
15

16

Depending on the router this may permanently interrupt internet access for everyone (could erase contract credentials required by the ISP) – Felipe Pereira Jul 22 '18 at 13:34
Whatever the OP does to bypass the MAC filter, his brother can - depending on his knowledge - implement new restrictions to disable internet access again. The only surefire way to get around the restrictions permanently is to seize control of the router. This will be noticed and have consequences. If your brother's in the wrong, there are less disruptive ways to handle this. If it were my router and you actively try to get around my MAC filter, I'd simply add a guest network for you, and give you the password of that one. Turn off the guest network and you're gone, no matter your MAC address. – Aaa Jul 22 '18 at 16:35
@Aaa: Just capture the password for the real network next time a device reauths to it... – R.. GitHub STOP HELPING ICE Jul 22 '18 at 16:42
He will know that I reset the router because he changed the name of the ssid – Jimmy Bahoe Jul 22 '18 at 21:25
1

You only need to reset it when you brother is absent. If you reset the router (and the ISP connection still works), the admin interface will also be accessible with default credentials. This means you can change SSID and the WiFi password back to the old values. He'll only notice when he tries to access the admin interface, which might not happen for weeks or months, as long as everything still works. – helm Jul 22 '18 at 22:26
1

@Aaa it will only be noticed if the router isn't running something like OpenWRT with an impersonating web interface that visually matches the old web interface. For bonus points, it can e-mail the username and password entered. Then the old firmware can be reinstalled so that the brother's future firmware updates don't cause suspicion. – Chai T. Rex Jul 23 '18 at 00:48
1

@schroeder That is very situational. In many parts of the world, ADSL is still common and PPPoE credentials (even preconfigured ones) will be wiped on reset. For example, this applied to the vast majority of connections in Australia pre-NBN. – Bob Jul 23 '18 at 03:11

Bypass MAC address internet time filtering?

3 Answers3

Reset the router.