|
-
July 3rd, 2002, 06:58 AM
#1
Banned
MAC tutorial
A MAC address is a unique 12 digit 48 bit number assigned to every network adapter. They are often used to uniquely identify a MAC on a LAN. A MAC address is organized like this:
XX-XX-XX-ZZ-ZZ-ZZ
If you are using a network adapter and wish to see your own MAC address, you can use winipcfg for win9x systems
ipconfig for win2000 and winNT
ifconfig -a for linux
And if you are using a macintosh, then you must do one of two things to find out your MAC address. Go into the TCP/IP control panel, then if you are using MacTCP click the ethernet icon or if you are using open transport then click info or user mode/advanced
The first 3 sets of numbers, or the first 6 numbers indicate the manufacturer of the network adapter, and the last 3 sets of numbers or the last 6 numbers indicate the unique number that the manufacturer gave to that specific network adapter. So, right there, you can see that an obvious security issue exists. Which is just one more reason to obtain a good firewall and to block sites and other users on the internet from seeing your MAC address. Also, if you use Win2k or Linux you may be able to change what others see as your MAC address. To find instructions on this plz see my other tut on MACs at
http://www.antionline.com/showthread...hreadid=231058
MACs work at the data link layer in the OSI model, layer 2. Many IP networks maintain a list of the IP addresses for a device and the MAC addresses. That is what is where ARP comes in, this list, is the ARP table or ARP cache, (Address Resolution Protocol).
I have included a list of MAC manufacturers and what their MAC prefix is, so that if you do not know the maker of your network adapter, consulting the list will porbably tell you.
And one more thing, many broadband providers use DHCP to assign IPs to their users, so changing MAC addresses or tampering with them could cause you to be cut off from your broadband provider.
-
July 3rd, 2002, 09:25 AM
#2
Junior Member
I have gone through your mac vendor list and I can't find my mac vendor on the list. By the way I using win2k pro. Is this as it should be? Appreciate any reply.
-
July 3rd, 2002, 09:28 AM
#3
Banned
Well, I'm sorry. I know that list doesn't have evrey vendor, just most of them. Sorry if yours isn't on there but maybe if you searched google for you MAC address you could find the vendor. Hope this help, again, sorry.
-
July 3rd, 2002, 11:04 AM
#4
The first 3 sets of numbers, or the first 6 numbers indicate the manufacturer of the network adapter, and the last 3 sets of numbers or the last 6 numbers indicate the unique number that the manufacturer gave to that specific network adapter. So, right there, you can see that an obvious security issue exists. Which is just one more reason to obtain a good firewall and to block sites and other users on the internet from seeing your MAC address. Also, if you use Win2k or Linux you may be able to change what others see as your MAC address. To find instructions on this plz see my other tut on MACs at
You don't seem to understand a very crucial piece of information about MAC addresses. You said that MAC addresses are used at the data link layer. Do you understand what that means? That means that when your box sends the packets across the wire towards their eventual destination, your box plants your MAC address inside the ethernet header. Then, the very next router that your packet hits along the way throws your MAC address away and put's its own MAC address in the ethernet header as it sends it along to the next router. So the only machine that ever sees your MAC address is the first router outside your personal network, regardless of how often you change and/or protect your MAC address. AKA, you can't protect yourself from people on the internet seeing your MAC address because they never see it anyway.
-
July 3rd, 2002, 12:02 PM
#5
Banned
Actually, with netbios tools it is possible to see a user's MAC address.
-
July 13th, 2002, 07:13 PM
#6
how do you grab the MAC Address. I saw code for it using Ping and traceroute but i seem to have lost it. I'm not trying to do annything bad just want to know how.
-
July 13th, 2002, 08:12 PM
#7
terminalillness someone already answered your question on this thread
http://www.antionline.com/showthread...hreadid=232122
You can use the arp command to get mac address of computers on your loacal network. Read up on arp tables for some more info. Unless a program sends you the mac address there’s no way to get it. Mac address info is only used to go from one hop to the next.
Its not software piracy. I’m just making multiple off site backups.
-
July 14th, 2002, 01:13 PM
#8
A little snippet from an AP I got, and since it wasn't signed I'll answer it here:
i am guessing you have never visited grc.com because people with vulnerable computers can be
shown their MACs there
On the contrary, I have visited GRC back when I first got really interested in computer security. It's a great little site for people who don't have the resources to scan their own network from then outside. Just for the record, however, GRC can only retrieve your MAC address if you have netbios sharing enabled to the entire world. Even Microsoft is smart enough to tell you that that's a bad idea.
But that's neither here nor there. We'll assume that you've got NETBIOS open to the entire world (/me cringes). Can anyone tell me of an attack that uses MAC addresses as a critical component of the attack? Before you answer dsniff, let me qualify that to be any attack that works on someone who is not on your local subnet. Because lets face it, no matter how good your security is, if you are using IP traffic at all, you cannot hide your MAC address from the people on your local segment.
So, in conclusion, the only people who can harm you by knowing your MAC address are people on your local segment, and you can't hide your MAC address from them anyway. And you're right, NETBIOS does (stupidly) give away your MAC address if you haven't turned off file sharing to the entire world. But even if you leave that on, and someone gets your MAC address, they still can't do anything with it because it's worthless grabage to anyone who isn't on your segment.
So my question remains, why are you trying so hard to protect you MAC address?
-
July 14th, 2002, 06:39 PM
#9
So my question remains, why are you trying so hard to protect you MAC address
Protecting your mac address seems silly. But maybe its because its unique to your network card and there for great evidence if you were do something illegal. Or maybe it’s because he’s a paranoid nut who thinks everyone is out to get him. In conclusion you can change you mac address if you feel inclined to do so.
See this thread on changing mac's
http://www.antionline.com/showthread...ge+mac+address
-
July 14th, 2002, 07:35 PM
#10
Like str34m3r and the others said, the only way to get a remote host's MAC addy is if you are on the same ethernet segment. However, nothing stops an application layer protocol from giving it away as data... (Just like it ain't possible to know someone's credit card number by a phone call, but nothing stops that person from telling you his CC # during that call...)
The only situation I am aware of where changing your MAC addy is necessary is if your DSL or cable ISP uses registered MAC addresses to allow access (like static DHCP records or just plain MAC filtering) and you need to use a NIC diffrent from the original the ISP has registered...
On the other hand, wanting to keep your MAC private from public might not be that paranoid: if I recall correctly, the author of the Melissa virus (or one of those...) identity was confirmed because he add edited the the macro with Word, which marked .docs with a GUID which included the MAC address if availible...
Ammo
Credit travels up, blame travels down -- The Boss
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
