# Lifestyles & Discussion > Science & Technology >  Can I block a MAC address from access to my computer?

## Nate-ForLiberty

My roommate is irrationally getting pissed about bandwidth allocation in the house. He says he's going to start recording everyone's internet activity. How can I block his MAC address? Or is there some other course of action I should take. 

(Already tried to work everything out by talking. At the moment on the surface everything seems ok, but this guy just bothers me. I know he'll do it anyway.)

----------


## Uriel999

> My roommate is irrationally getting pissed about bandwidth allocation in the house. He says he's going to start recording everyone's internet activity. How can I block his MAC address? Or is there some other course of action I should take. 
> 
> (Already tried to work everything out by talking. At the moment on the surface everything seems ok, but this guy just bothers me. I know he'll do it anyway.)


tell him to suck it and continue life accordingly.

----------


## Nate-ForLiberty

> tell him to suck it and continue life accordingly.

----------


## Danke

"'From each according to his ability, to each according to his needs'

----------


## pcosmar

Well there is this,
*How to spoof a MAC address*
http://blogs.techrepublic.com.com/security/?p=395

Or you can tunnel.
http://en.wikipedia.org/wiki/Tunneling_protocol

Of course I would try reasoning with your roommate first.

----------


## specsaregood

I'd be more worried about him installing a keylogger and auto-screencapper when I'm not around.  If you have physical access to a machine, that trumps all else.

----------


## angelatc

I was wondering about something like this. I need to shut off IPod access to wireless after #1 son goes to bed.  

Can it be done at the router or something?

----------


## specsaregood

> I was wondering about something like this. I need to shut off IPod access to wireless after #1 son goes to bed.  
> 
> Can it be done at the router or something?


Usually yes, depends on the router.

----------


## pcosmar

> I was wondering about something like this. I need to shut off IPod access to wireless after #1 son goes to bed.  
> 
> Can it be done at the router or something?


Yup. all access can be controlled from the router. You can even set times of available access.

----------


## GunnyFreedom

The BEST solution there would be to pick up a cheap 1 to 4 port router, connect the WAN port to your normal internet interface, and a LAN port to your machine, and _only_ allow your own MAC address on the LAN.  Of course, that will tie you down to a cable instead of wireless, but it would be uber-secure.  Now that I think of it, you could do the exact same thing with another wireless router, actually, and thus retain your cable-less freedom. 

So pick up a wireless router, plug it into a free network port on your existing LAN, and program your new wireless to ONLY allow your own MAC address on it's LAN, and then set your machine up to use ONLY that router, and the only access he will have to your traffic is as it passes over the currently existing router back to the ISP.  Unless it's a high-grade commercial router that is already now installed, then he will be unable to run a packet sniffer on it and your traffic should be safe.

----------


## GunnyFreedom

As to physical access to your machine, specs is correct.  If I were you I'd lock that feller down with a brutal password (one that challenges on awakening) and never never never leave it awake when unattended.

----------


## GunnyFreedom

> I was wondering about something like this. I need to shut off IPod access to wireless after #1 son goes to bed.  
> 
> Can it be done at the router or something?


It's a bit technical, and the procedure varies from brand to brand on the router interface, but yes, most routers today will allow you to program access windows by time schedules for given device IP's and MAC addresses.  It will be more of a headache to do it manually every time, but that could probably be scripted if you have a higher grade home router.

----------


## angelatc

> Yup. all access can be controlled from the router. You can even set times of available access.


Thanks. That's what I thought, but I can't even figure out how to determine what the MAC address is.  And I hate to ask him - ruins the fun of the surprise banning.

----------


## GunnyFreedom

> Thanks. That's what I thought, but I can't even figure out how to determine what the MAC address is.  And I hate to ask him - ruins the fun of the surprise banning.


The router itself should (or at least CAN) log the MAC addresses of the devices which access it.  Best place to get the MAC address will be from the router logs itself.

----------


## pcosmar

Your router assigns an address to each machine.

For example.
192.168.01
192.168.02
192.168.03

Now check the network connection on your computer, and block all other  connections.

----------


## specsaregood

> The BEST solution there would be to pick up a cheap 1 to 4 port router, connect the WAN port to your normal internet interface, and a LAN port to your machine, and _only_ allow your own MAC address on the LAN.  Of course, that will tie you down to a cable instead of wireless, but it would be uber-secure.  Now that I think of it, you could do the exact same thing with another wireless router, actually, and thus retain your cable-less freedom. 
> 
> So pick up a wireless router, plug it into a free network port on your existing LAN, and program your new wireless to ONLY allow your own MAC address on it's LAN, and then set your machine up to use ONLY that router, and the only access he will have to your traffic is as it passes over the currently existing router back to the ISP.  Unless it's a high-grade commercial router that is already now installed, then he will be unable to run a packet sniffer on it and your traffic should be safe.


Depending on your router also there is an easier way.  I know some of the linksys routers come with the ability to prohibit any activity between computers on the LAN.   This setting in linksys routers is: *AP Isolation.*  It is turned off by default.

----------


## GunnyFreedom

> Depending on your router also there is an easier way.  I know some of the linksys routers come with the ability to prohibit any activity between computers on the LAN.   This setting in linksys routers is: *AP Isolation.*  It is turned off by default.


I was assuming, given the nature of the narrative supplied by the OP, that the router was owned by the snoopy roommate.  If Nate is, in fact, the owner of said router for this house then that changes the whole game, and given the $#@! nature of his roommate I'd frankly just block snoopy-roommate's access entirely and tell him that since he doesn't like the network access he is providing he can go and find the internet elsewhere.

----------


## Nate-ForLiberty

I'm roommate #1, problem guy is roommate #2, there is a #3 but he's cool. The owner of the house is guy #4 (i guess); he's also cool. Basically, I moved in first. The owner trusts me yada yada, I have access to the router admin.

----------


## Nate-ForLiberty

just had an idea. peerguardian with a custom list that blocks local ips.

----------


## dannno

Can't you guys setup some throttles or something?

----------


## dannno

Is this guy a gamer or what? Why is he so concerned about dips in bandwidth or latency?

----------


## Nate-ForLiberty

i set up bandwidth priority, giving myself the absolute lowest and him the highest. He's just a douche.

----------


## Live_Free_Or_Die

If you have a cheap router with a crappy interface google DD-WRT.  Maybe you will get lucky and can install DD-WRT firmware on your router.  DD-WRT will turn a crappy cheap soho $50 router into a $600 router with support for just about everything including 1) QOS by devices, MAC, or port 2) Access Restrictions with support to filter by service, site, keyword, or time restrictions 3) and a lot more.

----------


## FunkBuddha

> My roommate is irrationally getting pissed about bandwidth allocation in the house. He says he's going to start recording everyone's internet activity. How can I block his MAC address? Or is there some other course of action I should take. 
> 
> (Already tried to work everything out by talking. At the moment on the surface everything seems ok, but this guy just bothers me. I know he'll do it anyway.)


Well, if its a switched network he's going to have a hard (not impossible) time recording everyones activity unless he's doing it from the router/gateway interface and you won't want to block that MAC address or you won't get anywhere. 

Also, if you're using any pre-shared key type encryption for wireless I'm pretty sure he can sniff there.

If you have SSH access to somewhere you can create a tunnel and proxy your traffic through that but he would still see your DNS resolution unless you can proxy that somehow.

All of that said, unless he's running something like openWRT or DD-WRT on the router, his port mirroring/sniffing functionality is going to be seriously limited. You could probably just point your DNS resolution to the OpenDNS servers and bypass much of the logging the device is capable of.

----------


## Ninja Homer

> If you have a cheap router with a crappy interface google DD-WRT.  Maybe you will get lucky and can install DD-WRT firmware on your router.  DD-WRT will turn a crappy cheap soho $50 router into a $600 router with support for just about everything including 1) QOS by devices, MAC, or port 2) Access Restrictions with support to filter by service, site, keyword, or time restrictions 3) and a lot more.


I really want to install that, but they still don't have it working for my router.  I have the Linksys wrt160n v2... it works for the v1, and the v3, but not the v2.  Kinda pisses me off because I got it with the intent of installing DD-WRT, and they shipped me the older model.  I might just have to go buy one.

----------


## Ninja Homer

You could just install an Annoy-a-tron behind one of his phone jacks, electric plates, or air ducts, and he'll forget all about the bandwidth issue for at least a few weeks.

----------


## Nate-ForLiberty

i'm actually hardlined into port 1 on the router. He's using the 2.4GHz wireless

----------


## Kotin

> You could just install an Annoy-a-tron behind one of his phone jacks, electric plates, or air ducts, and he'll forget all about the bandwidth issue for at least a few weeks.


that website has some awesome things on it.. thanks for the link!

----------


## dannno

> i'm actually hardlined into port 1 on the router. He's using the 2.4GHz wireless


Tell him to plug his ass in then 

Criminy. 

Just tell him you are OK with any sort of throttling or priority that you want to give him, but you don't want any bandwidth monitoring.. and if he is that concerned about speed then he really needs to plug himself in.

----------


## Nate-ForLiberty

> Tell him to plug his ass in then 
> 
> Criminy. 
> 
> Just tell him you are OK with any sort of throttling or priority that you want to give him, but you don't want any bandwidth monitoring.. and if he is that concerned about speed then he really needs to plug himself in.


dude. this is exactly what I said. I offered to move everything to right outside his door. See, a rational person would realize it ain't a big deal. But I'm dealing with irrationality, which means my only course is to protect myself.

----------


## pcosmar

> dude. this is exactly what I said. I offered to move everything to right outside his door. See, a rational person would realize it ain't a big deal. But I'm dealing with irrationality, which means my only course is to protect myself.


Click . 


I don't deal well with irrational.

----------

