Using MAC Address to Uniquely Identify Computers
An anonymous reader writes "One of Australia's gaming networks, GamesArena has recently imposed a third party program required to access their gaming servers. One of its features is that it records your NIC's MAC address to identify your computer, and subsequently in future, ban you if you cheat/break the rules etc. The response from players is mixed. It is not open source software, nor is it optional to install. "Install it or find another server to play on". Question remains, is it going too far?"
Definitely not - unfortunately it won't work since MACs are changeable.
not banned anymore :D
What would Brian Boitano do?
Don't go telling the general public MAC addresses are changeable. If someone creates a program to easily do the change, we could have some major routing issues should people choose the same MAC addresses.
...until the MAC address generators have gone through all the "MAC-space" of possible addresses...
Wireless APs like Linksys' already come with a web admin that lets you specify *any* MAC address, apparently to please some cable/adsl providers that measure traffic/authenticate (partly) based on this.
Why not provide a public key server and ask people to submit their public OpenPGP key, signed by P. Zimmermann himself? Get your identity trusted by Z. or go play somewhere else... After all, this seems to imply they want "real" players!
Notepad specialist & FAT administrator, group training available
Of course it's not open source; the last thing they want is users making changes to this program. Then it would be of no use to them.
-- Cheers!
No, it's not going too far. The game server admins can run the server however they choose fit. If you don't like the rules, don't use the server!
However, the majority of people don't know how to reset their MAC addresses. Also, as I believe to be true, some broadband providers specifically use MAC addresses to verify access. For instance, my Comcast cable modem does everything by MAC, so if I change my NIC in my machine, I need to power off/on the cable modem in order to get back through to the Internet. Although this is sort of a minor issue, some other ISPs may be more strict about MAC changes.
Overall, the admins figure they will cut out 99% of the hacking attempts as people would just go elsewhere, or once they did cheat, just wouldn't know how to change their MAC.
Does not the current IPv6 address allocation standard specify using your MAC address as the suffix portion of the IPv6 address? This is merely a taste of things to come if/when IPv6 becomes widely deployed, when your very IPv6 address can uniquely identify the hardware you are on (unless you use IPv6 NAT, of course.)
And yes, presently, you can probably change the MAC address of your system. However, once software vendors and DRM technologies and other things start locking themselves to your computer hardware, I suspect changing the MAC address would cause problems. The only thing this game company has to do when the game is installed is to lock the licence to the present MAC address so it will not run with a changed IP address without a new licence.
When I was involved with the initial deployment of DSL service in Canada, our customer ran into an interesting problem: many of the low-cost NICs that they shipped with the DSL modem had the same MAC.
Under most circumstances, this is seldom an issue since the NICs aren't likely to be deployed on the same network segment. However, when the MAC is used for other tracking services (in this case, a layer-2 NAT), you have a problem.
And of course, as others have said, most NICs permit the factory MAC to be overridden.
Who the heck is going to buy a used network card?? You can pick up a realtek 8139x based card for $10 CDN retail, and probably for close to the price of a pack of gum online ;)
And ban the ~252 other potential hosts on that network?
I think PKI would be ideal for this purpose. MAC addresses obviously not. Maybe adding PKI code to games would even encourage people to buy a personal certificate. I never had a good reason to buy one but a cheater-free CS-server is certainly worth it. They could even bundle games with Verisign certificate vouchers or something. If some people are worried about their privacy you could just create games certificates. Of course people should keep their private keys private.
The glass is half-full. With poison. And there are cracks in the glass. The dirty, dirty glass.
This has been going on for a while, though without MAC addresses, a much simpler system. Most multiplayer games these days come with a CD-Key that's authenticated by a central server whenever you play a game. The CDkey usually has a unique ID strapped to it that is publicly accessible by admins or players. You ban the ID, they cannot connect to the game without changing their CDkey (which means either buying a new copy or finding another cdkey that works online, neither are 'easy'). If MAC addresses can be changed, then as soon as a couple of like-minded gamers find out about that, you can count on there being a guide on how to do it for gamers eventually. The best way to handle this is on both a MAC, and CDkey-ID level. Ban their MAC, and ban their ID, that will stop all but the most determined/knowledgeable.
"What can a thoughtful man hope for mankind on Earth, given the experience of the past million years? Nothing." -Bokonon
After a certain number of violations, sure. Look at anti-spam organizations that do the same thing on a much larger scale like SPEWS. They blacklist larger blocks than /24. Now this isn't on the same legality level as spam, but it sure is just as annoying.
Call me crazy, but how, exactly, does one's MAC address end up being sent over anything but your local ethernet network?
Once that packet hits your internet gateway, the ethernet header containing your MAC is stripped, and an HDLC or FR packet is constructed from the ethernet payload and sent out over the WAN link.
Are they really embedding MAC addresses into the payload? This will only work if you actually have an ethernet card in your computer. So only those lucky enough to have broadband will be affected?
The MAC is 48 bits, split in two, don't remember how many bits each part. One part is the manufacturer id, the other is the specific card, such as a sequential serial number. MACs are assigned when built, non-changeable, a truly unique card id.
However, you can tell the OS to report a different MAC. That's what "changing your MAC" means, it doesn't actually change the MAC on the card, but it changes what the OS reports.
This is also a good example of why Palladium and trusted computing can't have just any old OS running on a computer. DRM requires complete control, not just a little bit of special software.
Infuriate left and right
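Two comments above describe the layout of a MAC address (48 bits, a manufacturer half and a card-specific half) and the IPv6 scheme that uses the MAC as the address suffix. The Python below is an added example, not part of the thread: it splits a MAC into its two 24-bit halves, reads the flag bits in the first octet, derives the modified EUI-64 interface identifier, and shows that the MAC can be read back out of such an address. The MAC addresses and the 2001:db8::/32 documentation prefix are constructed sample values.

```python
import ipaddress
import re

def parse_mac(text):
    """Return the 6 raw bytes of a MAC written with ':', '-' or '.' separators."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)

def describe(mac):
    """Split a MAC into its halves and decode the two flag bits of octet 0."""
    return {
        "oui": mac[:3].hex(":"),                      # manufacturer half
        "nic": mac[3:].hex(":"),                      # card-specific half
        "multicast": bool(mac[0] & 0x01),             # I/G bit
        "locally_administered": bool(mac[0] & 0x02),  # U/L bit
    }

def eui64_interface_id(mac):
    """Modified EUI-64: insert ff:fe in the middle and flip the U/L bit."""
    return bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:]

def slaac_address(prefix, mac):
    """Combine a /64 prefix with the interface identifier derived from mac."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("modified EUI-64 needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def mac_from_address(addr):
    """Recover the MAC from an EUI-64 derived address, else return None."""
    low64 = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    iid = low64.to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None  # e.g. a manual or randomised interface identifier
    return bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]

if __name__ == "__main__":
    for sample in ("00:11:22:33:44:55", "02-00-00-aa-bb-cc"):  # constructed
        mac = parse_mac(sample)
        addr = slaac_address("2001:db8:1:2::/64", mac)
        print(sample, describe(mac), addr, mac_from_address(str(addr)).hex(":"))
```

A set U/L bit marks an address as locally assigned rather than factory-assigned, but an overridden MAC does not have to set it, so a clear bit says nothing about whether the reported value is the card's own.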
Your average person who cares that it's recorded can change it easily, and your average 12 year old cheating 5||21p7 |1DD13 probably won't even know why he got banned...
Except the reason people get banned is for using cheats etc, which are distributed in the same way as information on how to change your MAC.
The first thing someone will do when they are banned is do a search on google for "telstra banned game unban" or something, and get hundreds of hits on how to get around it.
I.O.U One Sig.
Given the description, it will send the one of the PC running this 3rd party program -- which means the PC you're playing/working from.
Basically, they know how easy it is to change or mask IP addresses, and how (particularly for dialup users), banning an IP can punish a lot more people than just the original offender.
So, in the mind of some idiot who failed his CSC networking class before he went to business school, he figured "Hey, MAC addresses are unique! Let's grab that, and ban based on that!"
Just like back then, he didn't do his homework. As others have pointed out:
1) These days, altering your MAC address at run-time is easy, either on your machine or at a router (which is a common component of broadband connections these days)
2) Hackers will have little trouble cracking this "closed source" program, so they can make it emit any or a random MAC address, rather than the machine's actual MAC address. This will not affect connectivity, since its use in this context has nothing to do with the actual connection to the server.
3) If all else fails, network cards are dirt cheap; cheaters/griefers that can't manage #1 or #2 will just buy another network card.
Basically, this "solution" will only keep out the stupidest and poorest grief players. Smart cheaters won't be affected; smart NON-cheaters will probably hack the thing just to show them what a bad idea it was.
I've yet to see an access control system that can't be broken or circumvented; this one doesn't even come close.
Xentax
You shouldn't verb words.
Now we all know that cheating in online games is for the most part a Bad Thing (tm). We all remember the original Quake bots (my personal favorite was the StoogeBot) that required a certain measure of circumventing of built-in precautions. Generally when people were caught, they heard about it. Flames, kicks, bans, you name it.
Now we have issues of people using similar circumventions to get around copy protection instead of anti-cheating measures. I realize that this isn't exactly the same thing, but the two scenarios have a common theme: people using third-party software to use a product in a manner in which it was never intended.
What I find amusing is that generally (at least on Slashdot) the circumvention of copy protection is usually regarded as a Good Thing (tm), but becomes less desirable when it comes to games.
Could it be that third-party circumvention is a good thing as long as it doesn't negatively affect you?
"Ask not what your country can do for you." --John F. Kennedy
But the whole argument for this particular program to be open source is really pointless because they've chosen to break the #1 rule of multiplayer programming: Never trust the client. So it really does not matter if it's open source or closed source; the protection will be broken very easily, either by a script kiddie with a very basic understanding of a MAC address, or by someone who can reverse-engineer the data sent between the client and server.
--LordKaT
If they want something static, why go with MAC? They could just make an MD5 of some system specific info. That can't be easily tampered with. I'm not suggesting this, just making a statement :-)
Whether it's in the name of catching cheaters or catching terrorists, our freedom and autonomy are about to evaporate.
That's what I would do if I were writing the software. Bwa ha ha ha, etc.
:wq
Set up a few computers with bots hacked onto them and have the clients send out increments of MAC addresses, until all of them have been marked as cheaters.
Once nobody can connect they won't be able to use the system anymore. Shouldn't take too long if a few people here help out.
-- 'The' Lord and Master Bitman On High, Master Of All
What's the big deal? If a private network doesn't want to let you in, why should they? A unique MAC address is just another way of establishing who you are.
-- Slashdot: When Public Access TV Says "No"
It seems people tend to confuse privacy with anonymity. Privacy means preventing others from getting information about you -- whether it's what kind of toothpaste you use or your SSN. Anonymity means preventing others from finding out who you are. The two are related, in that in practice they often go hand-in-hand. But they are distinct.
-Thomas
For many people, being anonymous online means "I can do whatever I want" because there are no significant consequences for their misbehavior. To these people, I say: life is much nicer when you are nice to other people. Try it, you might be surprised.
-Thomas
You have to weigh the damage that a cheater is causing against the damage that loss of about two legitimate players on the same /24 would cause. If a fellow is making a big enough fool of himself, and the service isn't yet popular enough that a ban might cause a financially significant number of cancellations of service, a "Too many cheaters from your ISP" message may be warranted.
No, friggin', way. I will NOT be held accountable for what other users, whom I have absolutely zero control over, do while online. To group me with them just because we pay the same provider for service (and in some areas there may be only one available provider), is discrimination. It's ridiculously thin guilt by association.
$8.95/mo web hosting
Since the ifconfig man pages contain instructions on how to change MAC addresses and
Since changing the MAC address would allow a cheater to circumvent access controls
Then are the ifconfig man pages now illegal in the US under the DMCA?
Call me dumb, but it seems to me people are overlooking the fact that this is a client software download and install. Perhaps the client software somehow records your MAC address at the time, and that is what is sent to their servers for authentication ever after. Perhaps they are aware of how easy it is to spoof a MAC address? So they could be generating an ID from the installation and initial connection to their servers, then stored on your machine inside their client. Change the MAC address any way you want (new nic, change direct, whatever), and they still know it's coming from you.
I'm not saying this is what they did, just wondering why everyone is so quick to assume they are smarter than the guys who designed this. Are you trusting their FAQ to give you COMPLETE details on how they are authenticating? Like a virus, once you let them install a game client, you are no longer in control. Still beatable, but the hassle of getting rid of the client completely (they could be writing files ANYWHERE once you let them install), combined with the fact that even if you succeed, you will have wiped out your client (and presumably therefore lose access to any history or scores on the servers), means this could be more effective than people are giving it credit for.
Spoofing MACs is easy. I just wouldn't be so arrogantly sure that they've overlooked how simple it is to change a MAC address.
Ah, but the average cheater does know how to change the MAC address: visit their favorite warez/cheats site, download the application or instructions for changing the address, and change the address.
The smart cheater who writes the utility is central to the argument after all, since historically the smart cheaters have published tools for the ignorant ones not "eventually" but almost immediately. The smart cheaters have already published a workaround, and the rest of them already know where to find it.
Any sufficiently well-organized community is indistinguishable from Government.
So long as you don't change things that break your local segment (ie: duplicate MACs), then you're fine - go for your life.
I find your ideas intriguing and I wish to subscribe to your newsletter.