Is your internet slowing down and your data plan is dwindling? Someone else might be accessing your Wi-Fi. According to Juniper ResearchMore than 30% of home networks have unsecured access points, and 15% of users don't even know how to check the list of connected devices. In this article, we'll look at how to identify "uninvited guests," determine their MAC addresses, and permanently block access to your network—without unnecessary technical complications.
Verification methods vary depending on the router model and firmware, but the general process is the same: log into the admin panel, review the client list, and apply filtering. We'll cover options for popular brands (TP-Link, ASUS, Keenetic, MikroTik), as well as universal methods through mobile applications and third-party utilities. Important: MAC address blocking isn't a panacea—experienced attackers can spoof it, so combine methods.
If you're a landlord or owner of an office where Wi-Fi is shared among multiple people, learn to distinguish legitimate devices from suspicious ones. For example, a tenant's smartphone with the name iPhone-12-Pro - this is normal, but the unknown Android-5a3f8d Activity at 3 a.m. is cause for concern. At the end of this article, you'll find a FAQ with answers to commonly asked questions, including "Can I find out who's using my Wi-Fi by name or IP?"
1. How to access the router settings and find a list of connected devices
The first step is accessing the admin panel. To do this:
- 🌐 Enter in the address bar of your browser
192.168.0.1or192.168.1.1(less often)192.168.8.1for some models TP-Link). If the page does not open, check your router's IP using the commandipconfig(Windows) orifconfig(macOS/Linux). - 🔑 Enter your login and password. By default, this is often
admin/adminoradmin/passwordIf the data has changed, use the button Reset on the back panel of the router (hold for 10 seconds). - 🔍 Look for sections like
DHCP Clients List,Connected Devices,Wireless ClientsorLocal area network(in Russian-language firmware). In Keenetic ThisList of devices, V ASUS —Network map.
Example path for popular routers:
| Brand | Path to the list of devices | Default login/password |
|---|---|---|
| TP-Link | Basic → DHCP → DHCP Clients List | admin/admin |
| ASUS | Network Map → Clients | admin/admin |
| Keenetic | List of devices (main menu) | No password (login only) admin) |
| MikroTik | IP → DHCP Server → Leases | admin (password is empty) |
| Zyxel | Network → Local Area Network → DHCP | admin/1234 |
If your router gives an error when logging in, check:
- 🔌 Is the Ethernet cable connected to the port?
LAN(if you are logging in from a PC). - 📶 Are you connected to this network's Wi-Fi (mobile devices sometimes "forget" the network).
- 🔄 Reboot the router using the button
Poweror by removing the power supply for 30 seconds.
⚠️ Attention: If you haven't changed the default administrator password, anyone connected to your network can access your router settings. Be sure to set a strong password (at least 12 characters, including numbers and special characters) in the "Administrator" section. System Tools → Password (or similar).
2. How to distinguish your devices from others: analyzing the client list
In the list of connected devices you will see the following columns: IP address, MAC address, Host name (Device Name), Connection time And Connection type (Wi-Fi/ETH). Your task is to identify all your gadgets.
Signs of "own" devices:
- 📱 Host name: contains the gadget model (for example,
iPhone-14-Pro,Samsung-Galaxy-S22). - ⏱️ Connection time: matches your activity (for example, your smartphone connects in the morning and disconnects at night).
- 🔄 MAC address: You can check it with the sticker on the device body or through its settings (for example, in
Settings → About deviceon Android).
Signs of foreign devices:
- 🤖 Strange names like
android-5f3d8aoresp_123456(possibly a neighbor's smart light bulb). - 🕒 Connecting at unusual times (for example, 2:00 a.m. when everyone is asleep).
- 📡 MAC address starts with
B8:27:EB(Raspberry Pi),DC:A6:32(smart sockets) or other prefixes that are not typical for your gadgets.
How do I find out my device's MAC address?
On Android: Settings → About phone → General information → Wi-Fi MAC address.
On iOS: Settings → Wi-Fi → ⓘ next to the network → MAC address.
On Windows: run the command ipconfig /all V Command line and look for the line Physical address.
On macOS: System Preferences → Network → Advanced → Ethernet/Wi-Fi → MAC Address.
If you spot a suspicious device, don't rush to block it. It could be:
- 💡 Smart technology (lamps Xiaomi Yeelight, robot vacuum cleaner Roborock).
- 🎮 Game console (for example, PlayStation or Nintendo Switch neighbor, if the networks intersect).
- 🖥️ A virtual machine or a second router in repeater mode.
3. How to block a device by MAC address: step-by-step instructions
MAC address blocking is the most secure method at the router level. Even if an attacker learns the Wi-Fi password, their device will be unable to connect. Instructions for different firmware versions:
For routers TP-Link:
- Go to
Advanced → Security → Access Control. - Turn on
Access Control(switch to positionON). - Select mode
Blacklist(black list). - Add the MAC address of the unwanted device manually or select from the list
DHCP Clients List. - Save settings (
Save).
For routers ASUS:
- Open
Wireless Network → MAC Filter. - Select
Enable MAC address filteringand regimeBan. - Enter the MAC address in the format
XX:XX:XX:XX:XX:XX(without dashes). - Click
AddAndApply.
For routers Keenetic:
- Go to
List of devices. - Find the suspicious device and click on it.
- Select
Block Internet accessorBlock Wi-Fi connection. - Confirm the action.
Make sure the MAC address is entered correctly (case is not important, but the characters must match)
Check that the device is really someone else's (compare it with your gadgets)
Save the changes and reboot the router to apply the rules.
Check that your devices have not lost network access.
-->
MAC addresses can be spoofed, so to be on the safe side, combine blocking with changing the Wi-Fi password and disabling the WPS function (it is vulnerable to hacking).
⚠️ Attention: Some firmware (for example, MikroTik RouterOS) require creating a separate firewall rule to block by MAC. If the device still connects after adding it to the blacklist, check the rule priority in IP → Firewall → Filter Rules.
4. Alternative blocking methods: changing the password and setting up a guest network
If MAC blocking doesn't work or you're unsure how secure it is, try these additional steps:
1. Change your Wi-Fi password
- 🔐 Go to
Wireless → Wireless Security(or similar section). - Select encryption type
WPA2-PSK(orWPA3-PSK, if supported). - Create a password that is at least 12 characters long and includes numbers, letters, and special characters (e.g.
WiFi_7#kL9!pQ2). - 📱 After changing the password, all devices will be disconnected and you will have to reconnect them.
2. Setting up a guest network
- 🏠 Create a separate network for guests in
Guest Network(orGuest network). - 🔒 Set a different password for it and limit the speed (optional)
Bandwidth Control). - 🚫 Disable local network access (
Enable AP Isolation) so that guests cannot see your devices.
3. Disabling WPS
- 🔌 WPS is vulnerable to brute-force attacks. Disable it.
Wireless → WPS(translate intoDisabled). - 🛡️ If WPS is needed for smart devices (such as a printer), enable it only during setup, then disable it.
4. Hiding the network name (SSID)
- 👁️ In
Wireless → Basic Settingsturn it offEnable SSID Broadcast. - ⚠️ This won't protect you from experienced hackers, but it will reduce the number of accidental connections.
5. Mobile Wi-Fi Monitoring Apps: Overview and Instructions
If accessing your router settings is inconvenient, use specialized apps. They display a list of connected devices, their activity, and even geolocation (for some router models).
Top 5 apps for Android and iOS:
| Application | Platform | Functions | Price |
|---|---|---|---|
| Fing | Android, iOS | Network scanner, device detection, port checking | Free ($29.99/year premium) |
| WiFi Guard | Android | Monitoring new devices, connection notifications | For free |
| NetScan | iOS | LAN scanning, identifying manufacturers by MAC | $4.99 |
| TP-Link Tether | Android, iOS | Managing TP-Link routers and blocking devices | For free |
| Keenetic NetFriend | Android, iOS | Device control, parental controls, guest network | For free |
How to use Fing (universal option):
- Download the app from App Store or Google Play.
- Connect to your Wi-Fi network.
- Click
Scan— after 10–20 seconds a list of devices will appear. - Click on a suspicious device to see its MAC address, manufacturer, and open ports.
- If you need to block, copy the MAC and add it to the router's blacklist (as in Section 3).
WiFi Guard convenient for automatic monitoring:
- 🔔 Set up notifications about new devices in
Settings → Notifications. - 📊 Check your connection history in the section
History. - 🔍 Use the function
WhoIsto determine the manufacturer by MAC.
⚠️ Attention: Mobile apps only show devices that are active at the time of scanning. If the attacker is disconnected, they won't be listed. For complete control, combine the apps with your router settings.
6. Advanced methods: firewall, IP and VLAN restrictions
If standard methods don't help, try advanced settings. They require technical knowledge but provide maximum control.
1. IP blocking in the firewall
For example, in MikroTik:
/ip firewall filter add chain=forward src-address=192.168.88.100 action=drop comment="Block intruder" disabled=no
Where 192.168.88.100 — IP address of the unwanted device.
2. Time-Based Access
- ⏰ In routers ASUS And TP-Link there is a function
Time Scheduling. - 🕒 Set up Wi-Fi access only during certain hours (for example, from 8:00 AM to 11:00 PM).
- 🚫 Outside this interval, the network will be inaccessible even with the correct password.
3. Separating the network into VLANs
- 🌉 Create separate virtual networks for different types of devices (for example, VLAN 10 for smartphones, VLAN 20 for smart home).
- 🔒 Configure firewall rules to prevent communication between VLANs.
- 📡 VLAN support is required in the router (available in MikroTik, Ubiquiti, some models ASUS).
4. Using the range (for experienced users)
- 📡 Reduce your Wi-Fi transmission power
Wireless → Advanced Settings → Tx Power. - 🏠 This will reduce the coverage area, and neighbors will not be able to connect from a long distance.
- ⚠️ Disadvantage: Your devices at the edge of the zone may also lose signal.
How to set up VLAN on an ASUS router?
1. Go to Local Network → Route.
2. Create a new VLAN with a unique ID (For example, 10).
3. Assign ports or SSIDs to this VLAN.
4. In Wireless network Create a separate access point assigned to a VLAN.
5. Set up a firewall in Firewall → Basic Rulesto prohibit traffic between VLANs.
7. What to do if nothing helps: extreme measures
If foreign devices continue to appear despite all efforts, it is possible:
- 🔓 Your router is infected with malware (for example, VPNFilter or Mirai).
- 🕵️ Someone has physically connected to your router (via
WAN-port or buttonWPS). - 📡 Your Wi-Fi signal reaches too far and your neighbors are using directional antennas.
Actions in such cases:
- Reset your router to factory settings.
Click the button
Resetfor 10-15 seconds. After reset Be sure to update your firmware to the latest version (chapterSystem Tools → Firmware Upgrade). - Check your router for vulnerabilities.
Use the service RouterSecurity.org or utility RouterPassView (for Windows) to find known vulnerabilities.
- Install alternative firmware.
For example, OpenWRT or DD-WRT (supported by many routers) TP-Link, ASUS, Netgear). They give more control over security.
- Change your router.
If the model is outdated (for example, TP-Link WR740N or D-Link DIR-300), its hacking is often a matter of time. Modern routers (for example, ASUS RT-AX88U or Keenetic Ultra) have better protection.
Signs of an infected router:
- 🔄 Spontaneous reboots.
- 📡 Unknown open ports (check via 2ip.ru/port-scan).
- 💻 Changing DNS servers in the settings (for example, on
8.8.8.8or1.1.1.1without your knowledge). - 📈 A sharp increase in outgoing traffic (check in
Bandwidth Monitor).
⚠️ Attention: If the router is infected, changing the Wi-Fi password won't help—an attacker can still gain access through a backdoor. The only reliable solution is a firmware reset and update (or a replacement).
FAQ: Frequently Asked Questions about Wi-Fi Security
Is it possible to find out who exactly is using my Wi-Fi (name, address)?
No, you can only determine the device model and manufacturer using the MAC address or IP (for example, Apple or Samsung). To identify a person, you need to:
- File a complaint with the police (if it concerns traffic theft or a hacker attack).
- Use legal methods of signal triangulation (requires special equipment and permission).
In most cases, simply locking the device is enough.
Why does the device reappear online after being blocked by MAC?
Possible reasons:
- The MAC address is spoofed (it can be changed in Android/iOS/Windows settings).
- The router did not save the settings (check that you clicked
Save/Apply). - The device connects via a different MAC (some gadgets have multiple network interfaces).
Solution: combine MAC blocking with other methods (changing the password, disabling WPS).
How to protect Wi-Fi from hacking 100%?
There is no absolute protection, but these measures will make it as difficult as possible for attackers:
- Use
WPA3-PSK(orWPA2-PSKWithAES encryption). - Turn it off
WPS,UPnPand remote access (Remote Management). - Enable the firewall and disable it
Pingfrom outside (ICMP). - Update your router firmware regularly.
- Use VPN for critical devices (eg. ProtonVPN or NordVPN).
Is it possible to lock a device by name (eg "iPhone")?
No, blocking only works by MAC address or IP. The device name (hostname) is easily spoofed, so routers do not support filtering by this parameter. The exception is some enterprise solutions (e.g., Cisco Meraki), where you can create rules based on the name, but this requires additional software.
Is it true that my neighbors can hack my Wi-Fi in 5 minutes?
Depends on settings:
- 🔴 If you have
WEP encryptionor password12345678- Yes, the hack will take seconds. - 🟡 If
WPA2with a simple password (for example,qwerty) - vulnerable to brute force attacks (may take hours). - 🟢 If
WPA3+ complex password + disabled WPS - hacking is unlikely without physical access to the router.
Use services like WifiCrackerTest (not for hacking, but to test the strength of your password!).