Discussion topic: Sky Q Hub ER115 No MAC address filter

This message was authored by: Jonty1512 · ‎07 Jun 2022

Hi there

I've just received a Sky Q router ER115 to replace my jurassic Sky Hub SR102 and i can't seem to find any kind of wireless access control within the router software such as a Mac address filter. Am I missing something here or is there no other form of security on the router other than a single password?

TIA

John

This message was authored by: mae-3 · ‎07 Jun 2022

@Jonty1512

Quite correct, the only means of securing the wireless is via a WPA2-AES password which is shown at this current time to be secure. MAC address filtering can be spoofed and transmitted in the clear on the stack header for the packages of data over wireless, so there is no point using that method for security on wireless.

-------

Zen internet on FTTP (900Mbps down, 100Mbps up). SAT> IP (Apple 4K 2nd gen TV to LG C1 OLED UHD TV/Dolby Atmos Denon AVR, DacMagic Plus for Hi-Res audio), hosting own blog/forum (cluster), OPNsense & Zenarmor L4/L7 NGFW & DPI IDS/IPS, Asus ET12 Pro Tri-Band wifi, Linux, Gamer: Xbox Series X/i7 laptop, round-robin DNS over HTTPS, non-proprietary VoIP HD AMR-WB (G.722.2) and more... Beta tester Apple iOS/watchOS/tvOS/iPadOS/macOS.

This message was authored by: John_o · ‎07 Jan 2024

With more and more devices getting connected to the network, a password leak somewhere along the

line becomes more likely.

What about being able to generate a White list of MAC addresses of devices which you

allow access to your network (thus rejecting those MACs that are not on the list).

I don't see a way of doing this on my SkyQ hub.

So what if somebody can read the MAC address of a connected device - that MAC is already taken

and trying to re-use it on the same network won't work, right?

So would this also be considered a waste of time?

This message was authored by: TimmyBGood · ‎07 Jan 2024

@John_o wrote:

I don't see a way of doing this on my SkyQ hub.

MAC level control typically isn't found on domestic ISP routers: the vast majority of subscribers would never use it, and realistically the hardware is built to minimal budgets and manufacturered in the hundreds of thousands.

It's perhaps worth noting that several million Q Hubs become obsolete when PSTN switches off at the end of 2025 because they have no voice functionality, and it's unclear what the Sky plan for that is.

* * * * * * *
Sky Glass 55" (on ethernet) & two Stream Pucks (one ethernet / one WiFi)
BT Halo 3+ Ultrafast FTTP (500Mbs), BT Smart Hub 2

This message was authored by: mae-3 · ‎07 Jan 2024

@John_o

If the MAC is in use two devices with the same MAC will work but you'll get interference between the two devices and effectively both devices block each other. Spoofing is so easy that MAC filtering isn't worth doing for security either whitelisting or blacklisting by MAC. As stated the MAC address is transferred in the clear in the 4-way handshake in WPA2-AES with WPA3 then it is secure the MAC address in the 4-way handshake is encrypted.

-------

Zen internet on FTTP (900Mbps down, 100Mbps up). SAT> IP (Apple 4K 2nd gen TV to LG C1 OLED UHD TV/Dolby Atmos Denon AVR, DacMagic Plus for Hi-Res audio), hosting own blog/forum (cluster), OPNsense & Zenarmor L4/L7 NGFW & DPI IDS/IPS, Asus ET12 Pro Tri-Band wifi, Linux, Gamer: Xbox Series X/i7 laptop, round-robin DNS over HTTPS, non-proprietary VoIP HD AMR-WB (G.722.2) and more... Beta tester Apple iOS/watchOS/tvOS/iPadOS/macOS.

Discussion topic: Sky Q Hub ER115 No MAC address filter

Sky Q Hub ER115 No MAC address filter

All Replies

Re: Sky Q Hub ER115 No MAC address filter

Re: Sky Q Hub ER115 No MAC address filter

Re: Sky Q Hub ER115 No MAC address filter

Re: Sky Q Hub ER115 No MAC address filter

Was this discussion not helpful?

Search Sky Community

Start a new discussion