How to Disconnect Someone from Your Wi-Fi: Network Security

Many people are familiar with the sudden drop in internet speed and the appearance of unfamiliar gadgets in the list of connected devices. This is a sure sign that someone is using your network without permission, which not only slows down your connection but also puts your personal data at risk. In this article, we'll take a detailed look at how to identify these uninvited guests and permanently block their access.

There are several effective ways to restrict access to your access point, from simple methods to advanced security settings. We'll cover universal workflows for popular router models and explain the technical nuances of network filters. Security your home network depends on following these steps correctly.

Before taking any active steps to block the attack, you need to verify the intrusion and prepare access to your router's administrative panel. TP-Link, Asus, Keenetic Other manufacturers use similar setup principles, but interfaces may differ. The key is to proceed consistently and not change settings whose meaning you don't understand.

⚠️ Attention: Before making any changes to your router settings, be sure to write down the current settings or take screenshots. Incorrectly changing WAN or DNS settings can completely disable your internet access, requiring you to restore factory settings.

Identifying foreign devices on the network

The first step is always to accurately determine who is connected to your Wi-Fi. Users are often intimidated by unfamiliar names that are actually their own devices, such as a smart plug or TV. To avoid blocking yourself, conduct a thorough audit.

Log into your router's web interface, usually accessible at 192.168.0.1 or 192.168.1.1. Find the section that may be called Status, Network map, Client list or DHCP Client ListAll active connections with their IP and MAC addresses are displayed here. MAC address — is a unique identifier of a network interface, which is more difficult to forge than the device name.

Compare the list with your existing devices. If you find a device you can't identify, try temporarily disabling Wi-Fi on all your devices. If the "foreign" device disappears from the list when you turn off your phone, it was the one you were using. However, if the device remains active even when all your devices are turned off, this is cause for concern.

  • 📱 Check the names of all your smartphones, tablets, and laptops in the Wi-Fi settings.
  • 📺 Don't forget about Smart TVs, game consoles, and smart speakers.
  • 🏠 Consider the devices of guests who may have connected earlier and saved the password.
📊 How did you find out about the stranger's connection?
The Internet has become slow.
Name seen in the list
I received a notification from my antivirus.
I just decided to check out of curiosity.

Blocking via MAC filtering

The most reliable and common method of disabling a specific user is to use MAC filteringThis mechanism allows the router to check the address of each connecting device and either allow it into the network or block it at the protocol level. It's more effective than simply changing the password, as it doesn't require reconnecting all your devices.

To implement this method, find the section in the router menu Wireless network security or Wireless MAC FilteringHere you will need to create a blocking rule. Select "Deny" or "Blacklist" for the selected addresses. In the MAC address field, enter the intruder ID you found in the previous step.

Some router models, for example, from Microtik or Ubiquiti, allow you to create more complex rules, but for home TP-Link or D-Link A basic function is sufficient. After adding an address to the blacklist, the device will lose connection to the router immediately or after the DHCP lease expires.

☑️ MAC filtering algorithm

Completed: 0 / 5

It's important to understand the difference between the filter modes. The "Allow/Whitelist" mode allows only devices on the list to access the network, while all others are blocked. This is the most stringent protection option, but it requires manually entering the MAC addresses of all your devices. The "Deny/Blacklist" mode blocks only the specified addresses, allowing all others to pass.

Changing the password and changing the encryption type

If you want to disconnect everyone at once and allow only trusted users, the most drastic method is to change the Wi-Fi password. This will force all connected clients to disconnect, forcing them to enter a new access key. This is guaranteed to "kick out" anyone who knew the old password.

When changing your password, it's critical to choose the right encryption type. The standard today is WPA2-PSK (AES) or newer WPA3The outdated WEP and WPA (TKIP) protocols are easily cracked by automated programs in minutes, making changing your password pointless.

Why is WEP no longer secure?

The WEP protocol uses static encryption keys that can be recovered by intercepting a sufficient number of data packets. Modern video cards make it possible to brute-force such a key in a matter of seconds, so the standard was officially deprecated many years ago.

After changing your password, be sure to update it on all your devices. If you have the feature set up WPSIt's also recommended to disable it in your wireless network settings, as it's often a vulnerability for PIN cracking. The password should be complex and contain mixed-case letters, numbers, and special characters.

Encryption type Security Compatibility Recommendation
WEP Critically low High (old devices) Do not use
WPA (TKIP) Low High Not recommended
WPA2 (AES) High Very high The optimal choice
WPA3 Maximum New devices only For new equipment

Hiding the network name (SSID) as a security method

Another layer of protection is hiding the network ID. SSID (Service Set Identifier). When this feature is enabled, your network stops broadcasting its name. To the average user searching for available Wi-Fi in a list, your access point will be invisible.

However, this is not a full-fledged encryption method. Experienced users, using specialized network scanners (for example, Wi-Fi Analyzer) can still detect a hidden network through service data packets. However, this effectively filters out random neighbors looking for a place to "park."

To connect to a hidden network, you'll need to manually enter the network name (SSID) and password on each new device. On Android, when connecting to a hidden network, select "Add new network" and enter the exact name. Be careful with case.

Setting up a guest network for isolation

Modern routers such as Keenetic, Asus or Mikrotik, support the creation of a Guest Network. This is an isolated Wi-Fi segment that has internet access but no access to your local resources, such as shared folders, printers, or the router's admin panel.

Using a guest network is the best way to stay safe when friends are over. You give them the guest access password, and even if their device is infected with a virus, it won't be able to spread to your computers or smartphones. Additionally, you can often set up time or speed limits in the guest network settings.

You can set up a guest network in the corresponding section of the router menu. There, you can set a separate name (SSID) and password. You can enable this feature only when guests are visiting, and then disable it later, completely securing your main network.

  • 🛡️ Complete isolation from the host's local files.
  • ⏱️ Possibility to set a network operation timer.
  • 🚦 Speed ​​limit to prevent guests from downloading torrents.

Additional router security measures

In addition to blocking specific users, it is important to ensure general cybersecurity Devices. Often, attackers gain access to networks not by hacking the Wi-Fi password, but through vulnerabilities in the router itself if it uses factory passwords to access settings.

Be sure to change the password for logging into the web interface (admin panel). Standard combinations like admin/admin or admin/1234 are known to all hackers. Also, check if the Remote Management feature is enabled. If you don't plan to manage your router from your office or another country, this feature should be disabled.

⚠️ Attention: Router settings interfaces are constantly being updated. Menu locations may vary depending on the firmware version. If you don't find the feature you're looking for, consult the official documentation from your model's manufacturer or search for up-to-date screenshots for your firmware version.

Update your router firmware regularly. Manufacturers release updates that patch security holes. Automatic updates are the best option, but you can also check manually in the "Updates" section. System tools or Administration.

What happens if I block a device by MAC address and someone changes the MAC address on their phone?

A technically advanced user can change (spoof) the MAC address on their device to bypass blocking. However, for the average user who simply wants to use free internet, this procedure is too complex. In 99% of cases, blocking by MAC address completely solves the problem.

Will a blocked user see that they have been disabled?

Yes, they most likely will. Their device will continually try to connect, but will be rejected. At best, they'll realize the password is incorrect or the network is unavailable. At worst, they'll see the "Obtaining IP address..." status forever, which clearly indicates a block.

Is it possible to disconnect someone through the provider's app?

Some providers (for example, Rostelecom and MGTS) offer their own apps for managing home networks. If your router is supported by the provider and linked to your personal account, the device blocking feature may be available directly in the provider's app, without accessing the router's settings.

Will this reset my internet settings from my provider?

No, changing Wi-Fi settings, passwords, and MAC filters within your local network does not affect your ISP connection settings (PPPoE, L2TP, IPoE). Your internet will continue to work; only access to the wireless access point will change.