fingerprinting

maregalado · October 17, 2024, 7:01am

Hi, does anyone know if it is possible to create a fingerprinting method instead of using the MAC address to track wireless devices?

BR

holvoetn · October 17, 2024, 7:19am

A LOT more context info needed on what you want to do and why …

tangent · October 19, 2024, 7:23am

EAP? One unique fingerprint per device. Yay!

maregalado · November 28, 2024, 3:03pm

Hi, we have a platform that through MAC addresses we can track users. Using Mikrotik access points we can know the number of mobile devices in a specific area and know where those mobile devices are moving. The problem is when the mobiles use dynamic MAC addresses. In that case we cannot track the mobiles end to end because the MAC address changes. We have seen that using fringerprinting we could have an ID that identifies the mobiles even if the MAC address changes.

Mobile devices do not need to be connected to the WIFI network to be tracked.

rextended · November 28, 2024, 3:09pm

Forbid access of fake MAC (no matter explain here how, already present on forum),
and standard user are forced to use real MAC.
/interface wifi access-list
add action=reject disabled=no mac-address=02:00:00:00:00:00 mac-address-mask=02:00:00:00:00:00
For v6 there is not a mask on access list, but you can drop all the traffic with
/interface bridge filter
add action=drop chain=input log=yes log-prefix=“IN-DROP Private MAC” src-mac-address=02:00:00:00:00:00/02:00:00:00:00:00
add action=drop chain=forward log=yes log-prefix=“FW-DROP Private MAC” src-mac-address=02:00:00:00:00:00/02:00:00:00:00:00

jaclaz · November 28, 2024, 3:27pm

Excuse me rextended, if I get this right, that means an untold:
Hey, user, you won’t connect to my wifi.

The more knowledgeable users might read the above unwritten message as:
Hey, user, you won’t connect to my wifi unless you disable the randomized MAC address feature of your device (yes the one that was introduced to reduce tracking of the device when connected to wifi).

The less knowledgeable users (most users) will read the unwritten message as:
This wifi is not working.

IMHO the reaction of the first group is likely to be:
*uck you!
the reaction of the second group is likely to be instead:
*uck you!
(these will also report the issue and make a fuss about it)

It seems to me a good idea if you want less people to use that wifi.

rextended · November 28, 2024, 3:58pm

Yes and no.
<insert here the classic explanation of how this thing introduced for a false privacy
(the apps on the phone do more of your business than those who provide Wi-Fi with MAC)
then prevents abuses from the standard and not-so-standard users, even involuntarily, of a free service>

Of course, experts don’t have this problem, but usually they are really very few.
It must also be said that lately there are fewer and fewer people mendicating for free Wi-Fi connection
because (at least here in Italy) now the “Giga” with the cell phone they throw at you for free…

anav · November 28, 2024, 4:50pm

I hope I get at least 20 tries before getting locked out ( counting my toe prints)

jaclaz · November 28, 2024, 5:04pm

Wait for 802.11az wide adoption?