Unknown devices (likely iOS) with synthetic MAC addresses?

I'm running OpenWRT 19.07.5 for my WAN router and a series of APs (they're on 19.07.7). In the last few months, I've noticed some "mystery" devices showing up in the DHCP lease list.

They never advertise a hostname and they always have a synthetic MAC address (e.g., CA:3E:E6:17:37:4A). I read up on iOS and its usage of "private" Wi-Fi addresses (https://support.apple.com/en-us/HT211227), and I originally thought this was the devices themselves.

However, I see the actual devices with separate leases, an advertised hostname, and the actual MAC address of the device.

I'm trying to understand this behavior and see if I need to change a setting to allow the private addressing to work. This is a home network, so I have no issue with a synthetic MAC address for the device; I just want to make sure I understand what's going on and that I don't have some other weird behavior happening.

I don't see how this is OpenWrt related.
If the devices connect to the network, that means they have the right WPA key, and they can request an IP from the DHCP server with a MAC, real or made up.
Then OpenWrt will show them in the DHCP lease list with the MAC/IP it has.

2 Likes

This is something you can do in Linux too, connect over wired or wireless networks with a "cloned" randomized MAC address.

However, recent techniques like fingerprinting your computer over HTTP/S make it very difficult to hide, even behind a VPN. To calculate your digital fingerprint, you may visit this research address: http://amiunique.org

2 Likes

Android, since at least Android 10, also allows using synthetic MAC addresses. This is even the default for new network configurations.

2 Likes

I don't see any interest in using a synthetic MAC address, except in IPv6 where the IPv6 is derived from the MAC and the IPv6 allows one to guess the MAC. Hiding a MAC is a technology of the past.

This is not correct.
Randomized (WiFi-) MACs are used to invalidate MAC-based tracking.
Which I did with great success until recently.

1 Like

In IPv4, the only visible MAC is the MAC of the gateway, not the MAC of your computer. Randomizing MACs is only interesting in IPv6 where the IPv6 address is derived from the MAC. Correct me if I am wrong.

You can find more info about MAC-address tracking/leakage using similar keywords.
Yep, the issue is mostly relevant to mobile devices.

1 Like

One thing I noticed when I installed iOS 14 was that my Apple units got completely new MACs.

So in Apple the MAC isn't hardcoded.

1 Like

I did some more diagnostics, and it looks like this behavior is a quirk of iOS 14. See this link: https://www.jiribrejcha.net/2020/09/apple-ios-14-private-address-feature-per-ssid-wi-fi-mac-randomisation-and-how-it-actually-works/

I put the DHCP logging to debug level, and the behavior of the iOS devices in my house was consistent with the description in the article.

So, @trendy, you are correct, this isn't specific to OpenWRT, but an unusual behavior nonetheless.

1 Like
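An added example, not part of any post in this thread: a shell sketch that sorts dnsmasq lease entries into "local" (locally administered, i.e. synthetic/randomized MAC) and "universal" (vendor-assigned MAC), which is the distinction the original question is about. It assumes the dnsmasq lease format `<expiry> <mac> <ip> <hostname|*> <client-id|*>` and OpenWrt's default lease file `/tmp/dhcp.leases`; the sample lines are constructed, apart from the MAC quoted in the first post.

```shell
#!/bin/sh
# Added example: classify dnsmasq leases by MAC type.
# A MAC is "locally administered" when bit 0x02 of its first octet is set.
# For a unicast address this means the second hex digit is 2, 6, A or E.

is_local_mac() {
    case "$1" in
        ?[26AaEe]:*) return 0 ;;   # local bit set, unicast
        *)           return 1 ;;   # vendor-assigned (or not a unicast MAC)
    esac
}

# Reads lease lines on stdin, prints: <kind> <mac> <ip> <hostname>
classify_leases() {
    while read -r _expiry mac ip host _clientid; do
        # Skip anything whose second field is not MAC-shaped (e.g. "duid" lines)
        case "$mac" in
            ??:??:??:??:??:??) ;;
            *) continue ;;
        esac
        if is_local_mac "$mac"; then kind=local; else kind=universal; fi
        # dnsmasq writes "*" when the client sent no hostname
        if [ "$host" = "*" ]; then host="(none)"; fi
        printf '%s %s %s %s\n' "$kind" "$mac" "$ip" "$host"
    done
}

# Constructed sample data; the second MAC is the one quoted in the first post.
sample_leases() {
    cat <<'EOF'
1616000000 00:11:22:33:44:55 192.168.1.150 Johns-iPhone 01:00:11:22:33:44:55
1616000300 ca:3e:e6:17:37:4a 192.168.1.151 * 01:ca:3e:e6:17:37:4a
duid 00:01:00:01:aa:bb:cc:dd:00:11:22:33:44:55
EOF
}

sample_leases | classify_leases
# On the router itself: classify_leases < /tmp/dhcp.leases
```

A "local" entry with no hostname matches the pattern described in the question; the classification only says the address is not vendor-assigned, not which device sent it.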
