How do you drop an unknown wireless client?

[space-time]

you could also hide your network (SSID)

[Black]

Dakota wrote:
There is a reason my network is open. I have an old Mac-Mini that uses an ASUS wireless stick. Somehow it doesn't understand whatever encryption I enable in Airport Extreme. Anyway, the original question stands. BTW, DHCP/Wireless client list doesn't get updated as clients come and go.

You got your answer. Turn on MAC address filtering.

[Doc]

silvarios wrote: Unfortunately, the MAC address is broadcast in the clear. That's why it doesn't work.

It works because almost nobody knows how to capture and spoof a MAC address and because those who do know how will usually have easier and more lucrative targets available.

[Carm]

Doc wrote:
[quote=silvarios]Unfortunately, the MAC address is broadcast in the clear. That's why it doesn't work.

It works because almost nobody knows how to capture and spoof a MAC address and because those who do know how will usually have easier and more lucrative targets available.
Very true.

[cbelt3]

I am in the process of 'closing' my open networks for this reason.. my neighbor (whom I told "Yeah, no problem, you can log in") has started streaming in some serious bandwidth stuff, and my family is complaining about bandwidth.

And yes, the damn cheapo wireless dongles have various methods to deal with WEP and WPA and whatnot. Serious PITA.

After having it closed for a week to keep him off, I reopened it until I can figure this all out. Jeezo... we have, uhm, let's see...

Wireless macs - 3 regular+ 3 'hangar queens'
Wireless hackintosh- 1
Wireless windows -2
iDevices - 3
Other wifi devices (games, PDA's, ereaders, etc.)- 5

Administering all those network passwords is a pain.

[Black]

cbelt3 wrote:
I am in the process of 'closing' my open networks for this reason.. my neighbor (whom I told "Yeah, no problem, you can log in") has started streaming in some serious bandwidth stuff, and my family is complaining about bandwidth.

And yes, the damn cheapo wireless dongles have various methods to deal with WEP and WPA and whatnot. Serious PITA.

After having it closed for a week to keep him off, I reopened it until I can figure this all out. Jeezo... we have, uhm, let's see...

Wireless macs - 3 regular+ 3 'hangar queens'
Wireless hackintosh- 1
Wireless windows -2
iDevices - 3
Other wifi devices (games, PDA's, ereaders, etc.)- 5

Administering all those network passwords is a pain.

And why not MAC address filtering for you? All you would have had to do is uncheck the neighbor in the client list. He probably made it easy for you by naming his computer with his name.

[Mac1337]

Black wrote:

And why not MAC address filtering for you? All you would have had to do is uncheck the neighbor in the client list.

In Airport Extreme I don't see a way to selectively disconnect a client. That is what this thread is all about.

[silvarios]

Black wrote: And why not MAC address filtering for you? All you would have had to do is uncheck the neighbor in the client list.

It may be a little more involved than "unchecking the client". Generally, you need to enable MAC address filtering and then type the allowed WiFi MAC addresses into the settings.

cbelt3,
If you think managing passwords is a pain, wait until you have to collect MAC addresses from every device. If the device isn't already whitelisted to join it won't be able to connect to the network (pretty sure it filters ethernet connected devices as well). Since the client can't join your network, you won't have a nice central list of MAC addresses to copy and paste into your access controls. That means you will have to go to each device to collect all the MAC addresses.

At this point, configuring encryption is just as easy and will keep out any user, not just the casual/accidental leeches. Pick a compatible encryption method (WPA2 Personal if everything is compatible), create the longest password supported--63 or 64 characters, enter the password once, and never again worry about it. If I can manually type one of those super long pseudo random passwords into my phone, I have faith you can too.

This page will generate pseudo random passwords for you, https://www.grc.com/passwords.htm

Keep hitting refresh to get new ones.

[silvarios]

Dakota wrote: In Airport Extreme I don't see a way to selectively disconnect a client. That is what this thread is all about.

Why would we answer your question when we can suggest pain in the butt solutions that may or may not work? You know, like MAC address filtering.

Dakota, our point is that you can't really kick someone off your network without managing access. If you booted the rogue client, his system would most likely auto connect, or at worst, the rogue client would have to manually select your network again.

Is it feasible to wire the Mac mini to your network?

[N-OS X-tasy!]

Black wrote:
[quote=silvarios]
[quote=Black]
If he enabled MAC address filtering, and this person turned out to be a reasonably clever free loading cretin, and managed to get back in, would Dakota not see the MAC address reappear in the client list?

He would notice one of his allowed devices is connected. Then what? Would Dakota start blocking his own MAC address?
The clever cretin would spoof one of Dakota's MAC addresses?
Why are they not doing that now?

This discussion always stops making sense right about here.
Agreed. silvarios assumes every user out there is an IP expert - an excellent assumption if your goal is to maximize your WLAN security, but that is clearly not Dakota's goal here.