Does AirPort Utility see AirPort base stations that aren’t yours? Here’s what you can do

If an ISP sets up their network insecurely, you could see other networks.

Wi-Fi tools
Thinkstock

While Apple canceled its AirPort/Time Capsule line of Wi-Fi base stations, there are still an untold number of them in use. I have two in my house alone, and sold an unused third one recently.

The AirPort Utility Mac app is how you administer the features on an Apple Wi-Fi base station. Using this app, Macworld reader Tony can see all sorts of base stations in AirPort Utility that don’t belong to him. What's up with that?

His internet service provider configured its access so that it assigned network addresses from the same shared pool to several customers. That’s not great from a security perspective, because it means that subscribers who haven’t set up firewalls or who have vulnerable computers and devices, could be intentionally attacked or sniffed by other customers.

Worse, because of modern malware that hijacks standalone hardware, like DVRs, if one person on that pooled network has been infected, the malware could spread to all other vulnerable devices!

(Technically, the ISP is routing a set of addresses with the same subnet. A subnet is a mask that essentially acts to define the size of a network range. The higher numbered the subnet, the more addresses that are masked. Networks can be as little as four addresses and as large as or billions. If you’ve configured a network manually, you may have seen something like a network set to 10.0.1.0 and the subnet mask of 255.255.255.0, which allows for 254 addresses, 1 to 254—like 10.0.1.100—with special reserved address at 0 and 255, like 10.0.1.255.) 

airport utility mac icon Apple

In this case, the Bonjour (or “mDNS”) data that Apple uses to let services and hardware provide discovery, or identify themselves on a network, are passing among all the addresses in this ISP’s pool.

What can Richard or anyone do? You can contact the ISP and complain, and see if it’s an error on its part or if thy have a fix. You could configure your AirPort base station to block incoming and outgoing traffic in a variety of ways, but Apple’s gear isn’t optimized to perform general firewall functions. Some much cheaper routers are much better at this. (You can lock down individual Macs this way on such a network, but you would still be at risk for your other hardware, including iPhones and iPads.)

Or you might switch to another ISP that engages in less-dangerous network pooling. Read online reviews to find another one in your area that has a better set of policies.

Ask Mac 911

We’ve compiled a list of the questions we get asked most frequently along with answers and links to columns: read our super FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Email yours to mac911@macworld.com including screen captures as appropriate, and whether you want your full name used. Every question won’t be answered, we don’t reply to email, and we cannot provide direct troubleshooting advice.

Related:
  
Shop Tech Products at Amazon