I own a small coffee shop in a highly-populated area. We've noticed that several computers are connecting to our WiFi network using spoofed MAC addresses (e.g. 11:22:33:44:55:66). Is there any way of identifying these machines? Is there any way to determine who these users are? I've been manually blocking these MAC addresses but they just create new addresses.
Why do we block them? Because we've been notified by our ISP that these devices are using our WiFi to perform nmap scans. They aren't just "browsing", they're using our account to find open ports on machines all over the net.