MAC randomisation and DHCP pools

glenn.satchell at uniq.com.au
Sun Jul 26 03:02:16 UTC 2020


Hi Mike,

I think in the short term setting the lease time to 24 hours would free 
up old leases after the MAC address changes, meaning the old client 
effectively goes away. Public places like shopping malls should already 
have shorter leases due to the massive churn in clients, so it's not 
going to bother them much.

But that doesn't address any of the issues with identifying individual 
devices, e.g. to put into different classes. For that I think it will need 
an education scheme with your users to turn off the feature on networks 
where identifying the client matters, e.g. corporate or home networks.

I think this will evolve to having some other persistent identifier for 
systems to use.

regards,
-glenn

On 2020-07-25 11:46, Joshua Stark wrote:
> The user can decide to turn the feature off on the Apple device per
> WiFi network:
> 
> Rarely, a network might allow you to join with a private address, but
> won't allow Internet access. If that happens, you can choose to stop
> using private addresses [1] with that network
> (https://support.apple.com/en-us/HT211227)
> 
> I agree, this will make things different, harder initially. One
> example that comes to mind is white/black lists on WiFi networks, that
> will go out the window.
> And the other of being able to set a static IPv4 will be next to
> impossible.
> 
> But was that not the point of IPv6 - totally random?
> 
> In my mind this means we need an evolution of how we do things, like
> how AWS/GCP have taken the classic firewall of IP/Port to a Service
> Layer Firewall.
> There is going to need to be another way to identify a device to allow
> automatic re-authentication, like public WiFi where you purchase
> access for greater than 24hrs.
> 
> How we do that, I don't know, but it's time to start thinking about
> how to implement the next evolution in technology!
> 
> Thanks
> Josh
> 
> On 24/7/20 20:59, Mike Richardson wrote:
> 
>>> Hi Mike,
>>> 
>>> This is not something new, it has been around since iOS 8 in 2014.
>>> I think this page summarises how it works and has links to Apple's
>>> site with more details.
>>> 
>>> https://9to5mac.com/2014/09/26/more-details-on-how-ios-8s-mac-address-randomization-feature-works-and-when-it-doesnt/
>>> 
>>> It appears that it randomises the MAC address when the device is
>>> passively scanning for networks and other particular settings are
>>> enabled or disabled, so systems can't use the MAC address to
>>> persistently track wherever you go. However, it seems that any
>>> associations/joining of networks is based on the actual MAC address.
>>> 
>>> Or am I talking about something else entirely different?
>> 
>> Something new I believe:
>> 
>> https://wifinowglobal.com/news-and-blog/new-private-wi-fi-address-iphone-feature-could-severely-impact-the-wi-fi-industry-expert-says/?mc_cid=9ff8988c11&mc_eid=000d85d9e3
>> https://support.apple.com/en-us/HT211227
>> 
>> Apple, in iOS 14, are going to implement the changing of MACs every
>> 24 hours as the default, and different ones for each SSID, I believe.
>> 
>> I'm just trying to evaluate the impact on things like DHCP, but I'm
>> not sure about exactly what happens when pools are, sort of, exhausted.
>> 
>> Thanks,
>> 
>> Mike
> 
> 
> 
> Links:
> ------
> [1] https://support.apple.com/en-us/HT211227#onoff
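
One way to measure the pool impact discussed in this thread, added here as an example and not code from any poster or from ISC: it parses dhcpd.leases text, counts unexpired active leases, and flags MACs with the locally administered bit set, which randomised addresses use. The sample leases, hostnames and pool size are constructed, and lease bodies containing nested braces are assumed not to occur.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in dhcpd.leases syntax (times are UTC); not real data.
SAMPLE = '''
lease 10.0.0.10 { ends 0 2020/07/26 14:00:00; binding state active;
  hardware ethernet 3a:11:22:33:44:55; client-hostname "phone-a"; }
lease 10.0.0.11 { ends 1 2020/07/27 01:00:00; client-hostname "phone-a";
  binding state active; next binding state free;
  hardware ethernet 5e:aa:bb:cc:dd:01; }
lease 10.0.0.12 { ends 1 2020/07/27 00:00:00; binding state active;
  hardware ethernet 00:11:22:aa:bb:cc; client-hostname "printer"; }
lease 10.0.0.13 { ends 6 2020/07/25 12:00:00; binding state active;
  hardware ethernet f2:01:02:03:04:05; client-hostname "phone-b"; }
lease 10.0.0.13 { ends 6 2020/07/25 12:00:00; binding state free; }
'''

LEASE_RE = re.compile(r"lease (\S+) \{(.*?)\}", re.S)
FIELDS = {"ends": r"ends \d ([\d/]+ [\d:]+);",
          "state": r"(?<![a-z] )binding state (\w+);",  # skip "next binding state"
          "mac": r"hardware ethernet ([0-9a-fA-F:]+);",
          "host": r'client-hostname "([^"]*)";'}

def is_locally_administered(mac):
    """Randomised MACs set the locally administered bit (0x02) of octet one."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def parse_leases(text):
    """Return {ip: fields}; dhcpd appends entries, so the last per IP wins."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        hits = {k: re.search(p, body) for k, p in FIELDS.items()}
        leases[ip] = {k: m.group(1) if m else None for k, m in hits.items()}
    return leases

def pool_report(text, now, pool_size):
    """Count unexpired active leases and who holds them at UTC time `now`."""
    active = [f for f in parse_leases(text).values()
              if f["state"] == "active" and f["mac"] and f["ends"]
              and datetime.strptime(f["ends"], "%Y/%m/%d %H:%M:%S") > now]
    macs = defaultdict(set)
    for f in active:
        macs[f["host"]].add(f["mac"].lower())
    # Same client-supplied hostname under several MACs: a hint of rotation, not proof.
    repeats = sorted(h for h, m in macs.items() if h and len(m) > 1)
    laa = sum(is_locally_administered(f["mac"]) for f in active)
    return {"active": len(active), "free": pool_size - len(active),
            "locally_administered": laa, "multi_mac_hosts": repeats}
```

Calling `pool_report(SAMPLE, datetime(2020, 7, 26, 3, 0, 0), pool_size=50)` reports two active leases under the one hostname `phone-a`, the pattern a rotated address leaves until the older lease expires.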

