Hi All,
How can we fingerprint a client device to an Access Point having randomized MAC feature within it? As the device can change it's MAC at any point of time when connecting to the AP's SSID, the Access Point would consider it as a new client bcoz of it's new MAC-address.
Can we somehow handle this exception of randomized MAC such that even though the Access Point finds a new client MAC, it categorizes it as the original one which actually connected the first time.
You could try the use of device taxonomy
Although it may not help for randomised MAC, and may classify all similar clients the same
Otherwise you're maybe looking at a transparent proxy to try and fingerprint based on web requests?
This is not correct for mobile devices, like Android or iOS (windows 10 ?), assuming, the SSID does not change. Exact behaviour also depends upon Software version, unfortunately.
Unless you have clients, which explictly change their MAC before connecting, i.e. a LINUX notebook user fiddling around with the MAC,I see no problem here.
Yes i agree, the client MAC does not change everytime it connects to the SSID but if i forget the SSID and authenticate the client again, it changes. Can this be handled?
No, I suspect. But "... forget the SSID ..." is a very, very unlikely case.
As practically all devices remember the credentials themselves.