MAC randomisation and DHCP pools

Joshua Stark starkjs at gmail.com
Sat Jul 25 01:46:39 UTC 2020 

The user can decide to turn the feature off on the Apple device per WiFi 
network:

Rarely, a network might allow you to join with a private address, but 
won't allow Internet access. If that happens, you can choose to stop 
using private addresses 
<https://support.apple.com/en-us/HT211227#onoff> with that network
(https://support.apple.com/en-us/HT211227)

I agree, this will make things different, harder initially. One example 
that comes to mind is white/black lists on WiFi networks, that will go 
out the window.
And the other of being able to set a static IPv4 will be next to impossible.

But was that not the point of IPv6 - totally random

In my mind this means we need an evolution of how we do things, like how 
AWS/GCP have taken the classic firewall of IP/Port to a Service Layer 
Firewall.
There is going to need to be another way to identify a device to allow 
automatic re-authentication, like public WiFi where you purchase access 
for greater then 24hrs.

How we do that, I don't know, but it's time to start thinking about how 
to implement the next evolution in technology!

Thanks
Josh


On 24/7/20 20:59, Mike Richardson wrote:
>> Hi Mike,
>>
>> This is not something new, it has been around since IOS 8 in 2014. I think
>> this page summarises how it works and has links to Apple's site with more
>> details.
>>
>> https://9to5mac.com/2014/09/26/more-details-on-how-ios-8s-mac-address-randomization-feature-works-and-when-it-doesnt/
>>
>> It appears that it randomises the MAC address when the device is passively
>> scanning for networks and other particular settings are enabled or disabled,
>> so systems can't use the MAC address to persistently track wherever you go.
>> However, it seems that any associations/joining of networks is based on the
>> actual MAC address.
>>
>> Or am I talking about something else entirely different?
> Something new I believe:
>
> https://wifinowglobal.com/news-and-blog/new-private-wi-fi-address-iphone-feature-could-severely-impact-the-wi-fi-industry-expert-says/?mc_cid=9ff8988c11&mc_eid=000d85d9e3
> https://support.apple.com/en-us/HT211227
>
> Apple, in IOS14, are going to implement the changing of MACs every 24 hours
> as the default, and different ones for each SSID, I believe.
>
> I'm just trying to evaluate the impact on things like DHCP, but I'm not sure
> about exactly what happens when pools are, sort of, exhausted.
>
> Thanks,
>
> Mike

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20200725/10e18f09/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4044 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20200725/10e18f09/attachment.bin>

More information about the dhcp-users mailing list