Slashdot Mirror

← Back to Stories (view on slashdot.org)

Using MAC Address to Uniquely Identify Computers

Posted by CmdrTaco on from the now-there's-a-useless-idea dept.

An anonymous reader writes "One of Australia's gaming networks, GamesArena has recently imposed a third party program required to access their gaming servers. One of it's features is that it records your NIC's MAC address to identify your computer, and subsequently in future, ban you if you cheat/break the rules etc. The response from players is mixed. It is not open source software, nor is it optional to install. "Install it or find another server to play on". Question remains, is it going too far?" Definitely not- unfortunately it won't work since MACs are changable.

10 of 561 comments (clear)

  1. It's even simpler.. by XaXXon · · Score: 5, Informative

    There's really no need to change your MAC address.

    They're violating the simple rule about never trusting the client. All you have to do is modify this third-party program to have it spit out a random MAC address each time and *poof* the system is worthless. You don't even have to change your MAC address. And since MAC addresses are only used at the Ethernet level, not at the [TCP|UDP]/IP level, it doesn't matter that the server thinks your MAC address is different than it is.

  2. MAC Adress and Cable Modems by bildstorm · · Score: 5, Informative

    They've been trying this crap for years with cable modems. Until I got a router, I used to use two different machines, each with the same MAC address installed. Worked out great. It's easy to change, too. It's also let me on at friends' offices, where access is MAC controlled. We log on a machine, write down the address, shut it down, boot mine up, change the address, and log on.

    Who does it stop? Honest people.

    Who won't it stop? The same people hacking their games in the first place.

    --
    The power of accurate observation is commonly called cynicism by those who have not got it. - G.B. Shaw
  3. Re:Shh... by phil+reed · · Score: 5, Informative
    we could have some major routing issues should people choose the same MAC addresses.

    Uh, no you won't. The only time MAC addresses make a difference is in ARP packets, and the only place MAC addresses make a difference is on your local LAN segment. The fact that two people in different cities have the same MAC address matters not a whit to the routers between them.

    --

    ...phil
    "For a list of the ways which technology has failed to improve our quality of life, press 3."
  4. ...it's really not that hard... by ph0rman · · Score: 5, Informative

    here's how to change it for nt/2000
    windows2000faq
    -advanced tab in adapter properties

    linux
    eepro100 list
    -ifconfig eth0 hwaddr ether 00:11:22:33:44:55

    this is exactly why microsoft's registration process uses a lot more than just the mac address.

  5. Re:Shh... by phil+reed · · Score: 5, Informative
    I was referring to people on the same segment. Hardcore gamers in localities generally use the same provider to minimize latency issues. That is when the issue would crop up.

    But if you're on the same segment, then routing is not an issue.

    As noted, the answer is trivial: generate random MAC addresses. They are 6 bytes long - plenty of room for everyone to tumble the address every day and still not collide.

    --

    ...phil
    "For a list of the ways which technology has failed to improve our quality of life, press 3."
  6. What of windows? by moogla · · Score: 5, Informative

    Many ethernet drivers with this capability have an option for just this. For example, if you have a 3c918, click "configure" under network properties in win2k for that adapter. Select the "advanced" tab. On the left, you'll have an option called "network address" that's normally set to "Not Present". Change it to a specified value, and type in "DEADBEEFBABE" or whatever MAC address you want.

    Bingo.

    --
    Black holes are where the Matrix raised SIGFPE
  7. Re:Ban your Enemies by Dr.+Evil · · Score: 5, Informative

    Microsoft machines will tell you their MAC when you do a NBTSTAT on them. At least one ISP I know of blocks NetBIOS traffic because of uncontrolled file sharing, but I don't know how common that is.

    Personal firewall software should capture the request or block it too, so there are a few ways to thwart the method.

    Of course you still need the IP address, but that's a little easier to find. You could even do a little social engineering to get it... "Hey check out my website dedicated to your demise!"

    As for changing your MAC, what if the third party program doesn't read the MAC from the network stack, but pulls it from the driver? i.e. using the same calls the Network stack uses to get it in the first place?

  8. Re:Shh... by Effugas · · Score: 5, Informative

    If there's one card on a network, and you add another, the question becomes "what are the odds that the two cards will pick the same number?" Since there's 48 bits of entropy(minus a small range for multicast addresses and broadcast), the odds are effectively 2^48.

    This is big.

    If there's many cards on a network, and you want to know how many total you can add before two of them will end up with the same card, the answer's far smaller -- 2^24, which is still pretty huge(it's a bit more than 16 million). It's a different problem because each time you add a new card, the card after has one more it can possibly match with. This is known as the birthday paradox, so named because this precise logic means that given 23 people in a room, there's a +50% chance that two people have the same birthday. Each new person is one more to match with.

    In reality, this is a moot point: MAC address prefixes are assigned by manufacturer, and the manufacturer serializes their cards such that no two shipped devices should ever have the same MAC address. Sometimes there are screwups, but they're pretty rare as far as I know.

    To debunk what a couple people are saying -- yes, MAC addresses as exposed to the network can be changed, but MAC addresses as detected by custom client software may be more tricky. Whatever the driver is exposing to the network, the card itself can't usually have its MAC address written over(i.e. once power is cycled, that card's returning to original shipped condition). I'm positive there are exceptions to this, but they're probably rare.

    Actually, this gives me an interesting idea. You can probably remotely fingerprint the age of a computer based on the MAC address of its ethernet card...and if IPV6's MAC->IP shove goes through, you'll be able to do that reasonably remotely!

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  9. Not just for gaming by chazzf · · Score: 5, Informative

    I work tech support at a small liberal arts college, and we require all students to register their machines within three weeks of getting on campus. We then lock their ports to their MAC addresses. If you need to move or change your card you can re-register, usually the change goes through in a day. We did it to make it easier to detect and limit email worms. If we see it coming from some specified port we close it off and the flag passes to the techs. So far it's worked pretty well, often we get people coming to us complaining that "their Internet doesn't work," usually it's because they got Klez and we shut their port off. Decent alarm system, really.

    --
    No statement is true, not even this one.
  10. Re:Ban your Enemies by Alsee · · Score: 5, Informative

    Of course you still need the IP address, but that's a little easier to find. You could even do a little social engineering to get it...

    No need for social engineering. Anytime you play a game with someone you create an internet connection, that means your machine has to know their IP address. On Win98 (and probably all MS OS's) just open a dos window and type NETSTAT to see the text version of their address (userID.AOL.COM), or NETSTAT -N to see the dotted IP address (123.45.67.89).

    Lots of people hesitate to tell you their IP address, thinking it is some big secret. It's rather amusing to get into a game with them and say "Your IP address is 123.45.67.89, your ISP is RoadRunner, and you are in Southern California, right near the coast".

    How do I do the last part, naming their location? Just type their IP address into visualroute. (Requires Java) One end of the line is fixed at the visualroute server, the line shows the physical location of every server along the route to the target. You can click the map to zoom in.

    It is interesting to note that it is not uncommon for servers locations to be completely different from the country code in the address. For example www.indymedia.org.il (Isreal country code) is actually hosed in Chiago USA. Often it is simply more convient getting content hosted on major US server farms, but sometimes it could be relevant for legal reasons, or it could even be intentionally missleading.

    P.S.
    I used www.indymedia.org.il as an example because it's the only example I remember off hand. I recall that one becase indymedia is anti-isreal, and I suspect the Isreal country code may be intentionally missleading. The indymedia "news" sites are certainly independant, but in my oppinion extremely biased and unreliable. It is a good source for certain stories the "major media" may have neglected, but double check any information you get there. The writing often drops to the level of pure propaganda.

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.