A Novice With Potential Security Holes

I don’t know a lot when it comes to networking and especially the security side, but I’m learning. My IPFire setup is pretty much default, as in I haven’t changed much from when it’s first installed. I have IPS set up with ET community rules installed. I also have a couple of boxes ticked in the URL filter (although I did that mostly to block ads and I don’t think it works very well). And I’ve assigned the DNS server through AdGuard. I originally was doing Cloudflare for the supposed speed boost but when the IPS was introduced they didn’t like to play together. So again went with something that I hoped would help with more ad blocking. Don’t think it works well.

Anyway I just wanted to give a quick overview of my setup. The issue I’m having is a few random rogue mac addresses showing up in my dynamic leases. Now I never catch anything connected in the moment but in the history I find addresses that seem to have connected. Now they just show the line crossed out in the expiration date. None of these addresses correspond to anything I own. All of my connected devices are assigned a fixed IP address. I’ve checked a few of the addresses and some are devices I’ve never owned. I’ve blocked a couple of addresses using firewall rules but new ones keep popping up from time to time.

Also I don’t believe they’re connecting through wifi which is configured through it’s own setup. I’m using a Ubiquity UniFi AC LR which is up to date and I’ve been monitoring it and no rogue devices have connected.

So how would I go about blocking this weird traffic? What kind of holes do I need to plug? Do I even have my system set up properly? Or does it sound like IPFire is doing what it’s supposed to do an I’m concerned about nothing?

Thank you in advanced for all your help and advice.

I think the random MAC addresses are generated by new mobile phones. They try to hide there hardware MAC for privacy. Also wlan repeater often alter the MAC of forwarded traffic to prevent building a loop. So the MAC address is not valid way to determine clients anymore…

So are you saying my own devices are generating random mac addresses when they reconnect or something?

Maybee. Windows10, IOS8+ and Android 5 support this but it should be disabled at default. With Android P google has enabled it as default.