Slashdot Mirror
Using MAC Address to Uniquely Identify Computers
An anonymous reader writes "One of Australia's gaming networks, GamesArena has recently imposed a third party program required to access their gaming servers. One of it's features is that it records your NIC's MAC address to identify your computer, and subsequently in future, ban you if you cheat/break the rules etc. The response from players is mixed. It is not open source software, nor is it optional to install. "Install it or find another server to play on". Question remains, is it going too far?"
Definitely not- unfortunately it won't work since MACs are changable.
not banned anymore :D
What would Brian Boitano do?
1) Get your mac adress banned
2) Sell Network Card
3) Some one buys new card
4) They are banned
There will be plenty of second hand NICS for sale becuase of this. its a 1 2 3 profit plan.
Too many violations from that IP range? Ban the /24 it came from. Send back a "Too many cheaters from your ISP" error.
MACs are too easily changed, but then again, so are IP's. But considering most gamers have DSL with a static IP, an IP ban is a much better option.
Uh, that might actually BE the point - anyone with $10 for a new NIC can change their MAC address, no brains required...
;-)
If you have brains, you can save $10...
Mark
There's really no need to change your MAC address.
They're violating the simple rule about never trusting the client. All you have to do is modify this third-party program to have it spit out a random MAC address each time and *poof* the system is worthless. You don't even have to change your MAC address. And since MAC addresses are only used at the Ethernet level, not at the [TCP|UDP]/IP level, it doesn't matter that the server thinks your MAC address is different than it is.
They've been trying this crap for years with cable modems. Until I got a router, I used to use two different machines, each with the same MAC address installed. Worked out great. It's easy to change, too. It's also let me on at friends' offices, where access is MAC controlled. We log on a machine, write down the address, shut it down, boot mine up, change the address, and log on.
Who does it stop? Honest people.
Who won't it stop? The same people hacking their games in the first place.
The power of accurate observation is commonly called cynicism by those who have not got it. - G.B. Shaw
Uh, no you won't. The only time MAC addresses make a difference is in ARP packets, and the only place MAC addresses make a difference is on your local LAN segment. The fact that two people in different cities have the same MAC address matters not a whit to the routers between them.
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
No, it's not going too far. The game server admins can run the server however they choose fit. If you don't like the rules, don't use the server!
However, the majority of people don't know how to reset their MAC addresses. Also, as I believe to be true, some broadband providers specifically use MAC addresses to verify access. For instance, my Comcast cable modem does everything by MAC, so if I change my NIC in my machine, I need to power off/on the cable modem in order to get back through to the Internet. Although this is sort of a minor issue, some other ISPs may be more strict about MAC changes.
Overall, the admins figure they will cut out 99% of the hacking attempts as people would just go elsewhere, or once they did cheat, just wouldn't know how to change their MAC.
What happens if you are logged in via dial-up? Will it ban the MAC address of the box at the ISP that you're dialed in to? :)
NAT routers such as the Linksys range allow you to specify the MAC address from their web-based setup - ideal if your broadband provider insists on you registering (and limiting the number of) MAC addresses of all the machines going to connect.
I wonder what they'll do when they discover several simultaneous connections to the server (and sessions) from the same MAC?
The only thing you can accurately describe as "Scotch" is a sticky tape made by 3M. And it's
Does not the current IPv6 address allocation standard specify using your MAC address as the suffix portion of the IPv6 address? This is merely a taste of things to come if/when IPv6 becomes widely deployed, when your very IPv6 address can uniquely identify the hardware you are on (unless you use IPv6 NAT, of course.)
And yes, presently, you can probably change the MAC address of your system. However, once software vendors and DRM technologies and other things start locking themselves to your computer hardware, I suspect changing the MAC address would cause problems. The only thing this game company has to do is when the game is installed is to lock the licence to the present MAC address so it will not run with a changed IP address without a new licence.
here's how to change it for nt/2000
windows2000faq
-advanced tab in adapter properties
linux
eepro100 list
-ifconfig eth0 hwaddr ether 00:11:22:33:44:55
this is exactly why microsoft's registration process uses a lot more than just the mac address.
Nope, MAC addresses won't work. You'd have to have a unique number that's hard coded into something expensive. The Pentium III's CPUID feature would work. However, as much as I hate cheaters in my favorite games, I don't like an ID number open to abuse.
Quake III has recently enabled anti-cheat software called Punk Buster. It does a ban via your Quake III CD-Key, so you can't play on any Punk Buster enabled servers if you get banned. But with the game under $20 at BestBuy, I'm not sure if it will stop many of the problems.
Cthulhu Saves.
But if you're on the same segment, then routing is not an issue.
As noted, the answer is trivial: generate random MAC addresses. They are 6 bytes long - plenty of room for everyone to tumble the address every day and still not collide.
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
When I was involved with the initial deployment of DSL service in Canada, our customer ran into an interesting problem: many of the low-cost NICs that they shipped with the DSL modem had the same MAC.
Under most circumstances, this is seldom an issue since the NICs aren't likely to be deployed on the same network segment. However, when the MAC is used for other tracking services (in this case, a layer-2 NAT), you have a problem.
And of course, as others have said, most NICs permit the factory MAC to be overridden.
>"...Question remains, is it going too far?" Definitely not-
Thanks for answering that one for us. Without your moral framework we would be lost in the chaotic hell of self determination.
Why stick up for big business?
Many ethernet drivers with this capability have an option for just this. For example, if you have a 3c918, click "configure" under network properties in win2k for that adapter. Select the "advanced" tab. On the left, you'll have an option called "network address" that's normally set to "Not Present". Change it to a specified value, and type in "DEADBEEFBABE" or whatever MAC address you want.
Bingo.
Black holes are where the Matrix raised SIGFPE
It's solid code of honor amongst Clans not to cheat. Anybody as dedicated to playing online action games would render his pasttime pointless by cheating. And if anyone found out you've cheated your way into Ladder position you'd get an extremely hard time (on and offline).
:-)
And when you're playing on a public server, cheaters are easyly identified by playing like crap and either scoring immediate kills once they actually *do* manage to hit or by simply not throwing the towel no matter how many times you flak them at point-blank. Both area mostly less than minor drags to a skilled player and have a somewhat funny aspect to it.
I've seen entire matches in UT (1st) where cheaters we're just plain ignored because of the simply fact their skill level (not trained by playing under real conditions) rendered them something more like 'moving obstacles' rather than actuall participants.
Anyhow, some one using more subtle cheats, such as see-through textures or so, can be anoying. Then on the other hand, if you're that good to know for shure that someone is using such a cheat, you'll be playing clan games most of the time anyway. And I haven't met a single Clan player cheating yet. At least none of mentionable Clans.
BTW: I once had a cheater on my team in a pub UT CTF match. I switched sides and telefragged him 'til he gave up and disconnected. That was fun.
We suffer more in our imagination than in reality. - Seneca
Microsoft machines will tell you their MAC when you do a NBTSTAT on them. At least one ISP I know of blocks NetBIOS traffic because of uncontrolled file sharing, but I don't know how common that is.
Personal firewall software should capture the request or block it too, so there are a few ways to thwart the method.
Of course you still need the IP address, but that's a little easier to find. You could even do a little social engineering to get it... "Hey check out my website dedicated to your demise!"
As for changing your MAC, what if the third party program doesn't read the MAC from the network stack, but pulls it from the driver? i.e. using the same calls the Network stack uses to get it in the first place?
I wonder how many people will change theirs to same as mine...
-- bartman
Whether it's in the name of catching cheaters or catching terrorists, our freedom and autonomy are about to evaporate.
If there's one card on a network, and you add another, the question becomes "what are the odds that the two cards will pick the same number?" Since there's 48 bits of entropy(minus a small range for multicast addresses and broadcast), the odds are effectively 2^48.
This is big.
If there's many cards on a network, and you want to know how many total you can add before two of them will end up with the same card, the answer's far smaller -- 2^24, which is still pretty huge(it's a bit more than 16 million). It's a different problem because each time you add a new card, the card after has one more it can possibly match with. This is known as the birthday paradox, so named because this precise logic means that given 23 people in a room, there's a +50% chance that two people have the same birthday. Each new person is one more to match with.
In reality, this is a moot point: MAC address prefixes are assigned by manufacturer, and the manufacturer serializes their cards such that no two shipped devices should ever have the same MAC address. Sometimes there are screwups, but they're pretty rare as far as I know.
To debunk what a couple people are saying -- yes, MAC addresses as exposed to the network can be changed, but MAC addresses as detected by custom client software may be more tricky. Whatever the driver is exposing to the network, the card itself can't usually have its MAC address written over(i.e. once power is cycled, that card's returning to original shipped condition). I'm positive there are exceptions to this, but they're probably rare.
Actually, this gives me an interesting idea. You can probably remotely fingerprint the age of a computer based on the MAC address of its ethernet card...and if IPV6's MAC->IP shove goes through, you'll be able to do that reasonably remotely!
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Simple: if you are winning at Counter Strike despite a ping of 1,000+, then you must be cheating.
I mean, duh...
--- My dad's political betting
It is a typo for "Tolkien Ring", a system in which the computer that holds the "One True Ring" becomes the most powerful machine on the network.
I metamoderate, therefore I am
Great. This is another way to get rid of those pesky, honest players and my enemies.
I'll just assume their MAC address, misbehave like hell. Their MAC gets banned, and I get rid of the losers.
Alone, I shall reign through spite and malice.
Stop the brainwash
Since the ifconfig man pages contain instructions on how to change MAC addresses and
Since changing the MAC address would allow a cheater to circumvent access controls
Then are the ifconfig man pages now illegal in the US under the DMCA?
I work tech support at a small liberal arts college, and we require all students to register their machines within three weeks of getting on campus. We then lock their ports to their MAC addresses. If you need to move or change your card you can re-register, usually the change goes through in a day. We did it to make it easier to detect and limit email worms. If we see it coming from some specified port we close it off and the flag passes to the techs. So far it's worked pretty well, often we get people coming to us complaining that "their Internet doesn't work," usually it's because they got Klez and we shut their port off. Decent alarm system, really.
No statement is true, not even this one.
Of course you still need the IP address, but that's a little easier to find. You could even do a little social engineering to get it...
No need for social engineering. Anytime you play a game with someone you create an internet connection, that means your machine has to know their IP address. On Win98 (and probably all MS OS's) just open a dos window and type NETSTAT to see the text version of their address (userID.AOL.COM), or NETSTAT -N to see the dotted IP address (123.45.67.89).
Lots of people hesitate to tell you their IP address, thinking it is some big secret. It's rather amusing to get into a game with them and say "Your IP address is 123.45.67.89, your ISP is RoadRunner, and you are in Southern California, right near the coast".
How do I do the last part, naming their location? Just type their IP address into visualroute. (Requires Java) One end of the line is fixed at the visualroute server, the line shows the physical location of every server along the route to the target. You can click the map to zoom in.
It is interesting to note that it is not uncommon for servers locations to be completely different from the country code in the address. For example www.indymedia.org.il (Isreal country code) is actually hosed in Chiago USA. Often it is simply more convient getting content hosted on major US server farms, but sometimes it could be relevant for legal reasons, or it could even be intentionally missleading.
P.S.
I used www.indymedia.org.il as an example because it's the only example I remember off hand. I recall that one becase indymedia is anti-isreal, and I suspect the Isreal country code may be intentionally missleading. The indymedia "news" sites are certainly independant, but in my oppinion extremely biased and unreliable. It is a good source for certain stories the "major media" may have neglected, but double check any information you get there. The writing often drops to the level of pure propaganda.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.