Networking – “Private” MAC Address

dd-wrtnetworkingrouterwireless-networking

I'm not new to home networking and I've been running DD-WRT routers for years. I'm a software developer, so "technologically" curious by nature but admittedly have never really researched in-depth low level technical details of networking.

I'm probably being paranoid and plan on doing further research and learning on my own, but I've been seeing strange things on my home network lately. The one I wanted to ask about here was regarding private MAC Addresses. By that I mean when I look up the MAC Address through the DD-WRT OUI Lookup, it's designated as private.

Google knows all, but I can't really find anything in plain English about typical use or scenarios where they would be used. I have a private MAC address showing up on my LAN with a DHCP assigned IP address that I haven't been able to identify.

I've used NMap pointed at the IP associated with the "private" MAC address but it can't identify anything about it either. It cannot identify the vendor/manufacturer, the O/S, or anything else. I'm looking for any information that may be useful in helping me understand where and what this device may be.

Other info: I've recently updated the WPA2 password from pretty secure to 13+ character length after seeing a "ghost" (aka evil twin) access point/SSID that I also can't identify. Additionally, for now (even though I know it's not a secure solution) I've filtered the offending "private" MAC address from accessing my home networks.

Best Answer

Private registrations are either MA-L, MA-M, or MA-S assignments from the IEEE to an entity that has paid an additional initial fee and/or an annual recurring fees to the IEEE to prevent their name and address from showing up in the public listing. More details of MA-L listings as an example can be found at the IEEE site.

There is no way to determine the manufacturer of this device from the OUI unless you have access to the private list. You will need to locate and/or identify this device by other means.

Just to be clear, this is in no way related to locally administered MAC addresses which is indicated by the second bit transmitted, specifically the second least significant bit for Ethernet.

Related Question