An Accepted Solution is available for this post. Jump to solution.
Control Over Network Access
Larwrence
Newbie
‎03-05-2022 08:13 AM

My friend has another internet provider that competes directly with Verizon. She has a router feature that prohibits access without her permission. If someone tries to log onto her network, she get a notice on her smartphone asking for her permission to allow access. If she clicks on "NO", access is denied. How hard can it be for Verizon to offer a similar feature? 

0 Likes
1 Solution

Correct answers
An Accepted Solution is available for this post. Jump to solution.
Re: Control Over Network Access
gs0b
Community Leader
Community Leader
‎03-13-2022 10:03 AM

Verizon routers have a Guest WiFi network.  It does not have an access to resources on the main network.  For the use case you describe, the solution is to give visitors the password to the guest WiFi network.

Any devices you see on your main network either are directly connected to a wired coax or Ethernet cable, or through WiFi.  If they are on WiFi, they were configured with a WiFi password.  Anytime you give a device a WiFi password, that a direct approval for the device to connect to your network.

As for the new-hosts, a little searching of their MAC addresses will reveal the device manufactures.  Grab the MAC addresses from the router's connected device list and google the first three octets (xx:xx:xx) or find a site that does MAC address manufacturer lookup.  I'm guessing that many of them are Apple devices, as they sometimes don't broadcast device names.  If you have a lot of phones, tables, watches and so on; those are the likely culprits.  But I wouldn't worry about it.

As for a pop-up connection approval without any WiFi password - that sounds like a serious security risk to me.  Without a password, that tells me the WiFi network is unencrypted.  That makes it trivial for a nearby hacker to sniff traffic on the network and even spoof a network node.  This is not a behavior I'd want on any of my networks regardless of the ISP.  It sounds like an idea a marketing person came up with but never ran it past a security engineer.

View solution in original post

3 Replies
An Accepted Solution is available for this post. Jump to solution.
Re: Control Over Network Access
Cang_Household
Community Leader
Community Leader
‎03-05-2022 11:25 AM

You may want to elaborate a bit. What do you mean by "log onto her network?"  NAT'ed network rejects all inbound connections by default unless you configure port forwarding or host services on the ports of the WAN side to accept connections.

An Accepted Solution is available for this post. Jump to solution.
Re: Control Over Network Access
Larwrence
Newbie
‎03-13-2022 08:43 AM

Pretty simple really...

If my neighbor welcomes a visitor in her home and that visitor needs Wifi access, the visitor finds my neighbor's Wifi address on their device and tries to log on. As soon as the visitor clicks on the Wifi address, my neighbor get a message on her smartphone that says something like...

"Someone is trying to log into your network. Do you want to allow access? YES? NO?"

If my neighbor clicks NO, then access is denied. If my neighbor clicks YES, then access is allowed and the visitor can immediately access my neighbor's network without a password. 

You mention terms like...

NAT'ed,

configure port forwarding or host services

WAN side...

Yikes! I'm not a rocket scientist, I just want to find out the easy way to secure my Verizon Fios Wifi network from the unauthorized connections that I keep seeing. I keep seeing connections like...

new-host-1

new-host-2

new-host-3

new-host-4

etc...

Where are theses "new-host" connections coming from and why are they allowed access without my permission?

Any suggestions?

0 Likes
An Accepted Solution is available for this post. Jump to solution.
Re: Control Over Network Access
gs0b
Community Leader
Community Leader
‎03-13-2022 10:03 AM

Verizon routers have a Guest WiFi network.  It does not have an access to resources on the main network.  For the use case you describe, the solution is to give visitors the password to the guest WiFi network.

Any devices you see on your main network either are directly connected to a wired coax or Ethernet cable, or through WiFi.  If they are on WiFi, they were configured with a WiFi password.  Anytime you give a device a WiFi password, that a direct approval for the device to connect to your network.

As for the new-hosts, a little searching of their MAC addresses will reveal the device manufactures.  Grab the MAC addresses from the router's connected device list and google the first three octets (xx:xx:xx) or find a site that does MAC address manufacturer lookup.  I'm guessing that many of them are Apple devices, as they sometimes don't broadcast device names.  If you have a lot of phones, tables, watches and so on; those are the likely culprits.  But I wouldn't worry about it.

As for a pop-up connection approval without any WiFi password - that sounds like a serious security risk to me.  Without a password, that tells me the WiFi network is unencrypted.  That makes it trivial for a nearby hacker to sniff traffic on the network and even spoof a network node.  This is not a behavior I'd want on any of my networks regardless of the ISP.  It sounds like an idea a marketing person came up with but never ran it past a security engineer.