MAC Address Question

But if the website is reading the correct MAC address back to you, then the website has it. I understand that you choose to click on a link that is labeled "click here for your MAC address", or whatever, but that button could just as easily say "click here to upload your pictures to Myspace", or "Click here to accept our TOS"....etc.

Unless I am missing something here, it seems like it would be a simple matter for a website to trick people into giving up their MAC address.

 

Getting the MAC address is just something that Java can do. See <www.cowtowncoder.com/blog/archives/2007/05/entry_35.html>. If it's important to hide your MAC address, you may not want to run scripts, or at least to run them in a VM.

 

Websites, by default, dont see MAC-addresses.
Perhaps a website with the right script could obtain such an address from a visitor's computer. Although someone elses MAC-address seems fairly useless to me.

 

Hardware and software licenses typically use MACs, I believe. "Factory" MACs are globally unique, and the first part identifies the manufacturer. In theory, an attacker could get the serial number of your NIC, router etc. from its MAC, and then determine who had registered that device. An attacker that knows your true IP and your machine's MAC has a pretty good shot at knowing who you are.

 

Again, I know of no such software or hardware that would "look" at the MAC-address of your NIC. Not even your ISP would be interested in that.
You also mentioned software. What kind of software are you getting at that would mind someone's MAC-address?

 

Although I can't speak to "interested", the site that caspian linked to ...

... does seem to report one's true MAC address. However, I don't see the MAC address being reported with Wireshark. Perhaps it's concealed. Or perhaps the browser renders the page locally without reporting the MAC address. I don't know.

Well, according to Wikipedia, "Windows Genuine Advantage checks the following components ... MAC address".
http://en.wikipedia.org/wiki/Windows_Genuine_Advantage

 

"Windows Genuine Advantage" has nothing to do with the network at all.
WGA uses several points of data concerning your hardware to composite a fingerprint that matches your hardware with an (un)activated Windows-license key. Both the key and your hardware-composition makes up a unique fingerprint/hash for Microsoft to verify the legitimacy of the software.

Concerning Wireshark; that is a packet-sniffer, that as the name implies, snifs packets between 2 machines.
Usually your computer and a router/modem.
Within that traffic is MAC-address being send to the router, and vice versa.
It's not concealed, just part of your everyday payload of network-packets.
BUT, your MAC-address doesn't get send any further than the router/modem.
It doesn't get relayed, or what ever.

 

The website, that Caspian mentions, uses Java to get the MAC-address.
My browser, that blocks all running scripts bij default, including Java, doesn't show my own MAC-address.
The Java-script circumvents that what can not by acquired through normal internet-traffic over such a "distance".
And by distance I mean everything with more then 1 hop in between, meaning everything you do on the internet basically.
So the Java-script asks your computer directly what its MAC-address is.
Again, that has nothing to do with network-traffic by itself.

 

A common use of your MAC address currently is by pay wifi services that restrict to a single user or provide a limited amount of time per day for free. The identifier is the MAC address of your NIC, so that only a single user can log on and use the service with one subscription. One local service here also provides 30 minutes per day of internet connectivity for free each 24 hours. You can actually get more by swapping in another NIC, since the only ID is the MAC address of your NIC. But your MAC address goes no further than the wifi service unless they share their records with a third party. Just a part of the management software for the service.
As far as Wireshark, the attached shows the the NIC / router MAC traffic being sent via the ARP commands as a part of the (DHCP) setup of the wireless IP. But again, not sent out beyond your LAN.

 

BTW, the same logic applies to the WAN side. Your WAN IP (via DHCP or other) is bound to the MAC address of your router, so that is what your ISP knows about. If you don't have a router, it is bound to the MAC address of your NIC, so knows that one.

 

Perhaps I was unclear. Monitoring my computer's physical NIC with Wireshark, I see very frequent ARP broadcasts from each local device that's up (identified by MAC) requesting MACs for all local devices, and responses from all that are up. When the OpenVPN link is up, I also see traffic to and from it, and no other non-local traffic.

Monitoring the OpenVPN TAP adapter with Wireshark, I see ARP broadcasts from devices in the OpenVPN network (10.*.*.*) requesting each other's MACs. I also see occasional browser announcements that include my computer's local name, but nothing that includes its MAC address. And of course, I see encrypted OpenVPN traffic.

While running the get-MAC script on www.ipaddresslocation.org, I don't see any packets on either adapter with Wireshark that include the plaintext MAC of my computer's physical NIC, except the local ARP broadcasts and responses that don't go out via OpenVPN.

Anyway, I get that local MACs aren't relayed past the internet router, or at most past the ISP, as part of normal networking. OTOH, I know that scripts/apps with adequate rights can get local MACs. What I don't know is which of them report MACs past ISPs. Does WGA report MACs to Microsoft, or just the results of legitimacy tests? Although I don't know, I see no reason why it couldn't.

 

I am a musician and I like art, music, and fun stuff. And I collect animated gifs and things like that. It's sort of a hobby. So I do not want to block scripts all of the time. And I also like to blog a little and I intend to start doing this on a much larger scale soon. As far as I know, I need scripts enabled to create a nice looking blog.

I posted a concern about MAC addresses a while back. I have a Myspace account. It is an old account and it has my real name and info. I still have a few accounts like that. But I had considered opening another account just for fun....to post art and some political stuff, and I wanted it to be anonymous. Someone in a post here at Wilders mentioned MAC addresses. So I started thinking that if they did collect those then they could easily see that I was the owner of the other account....regardless of the fact that I use a VPN. Probably no one would intentionally look, but I would think that it would be a simple matter to create a program that could automatically correlated such things. And it would seem that if MAC addresses are being collected that they could be used as another identifier.

I tried the program out that was mentioned above, SMAC. I may purchase a copy. It seems simple enough to use, so why not?

 

The site that has been linked to is not "getting" your MAC addresses. Again, as I said in an earlier post, it's for your own computer. It executes a Java applet that runs locally and shows YOU on YOUR PC your MAC address. They can't see it. It's very much like the old Javascipt trick when software peddlers (like Evidence Eliminator) would execute a script that seemed to show all of your files, complete with file names, photo names, etc. Just like this MAC thing, it was simply executed locally, showing you your 'My Documents' folder. Same kind of thing here, there's just no way for its transmission across the Internet.

Rogue keyloggers/spyware running illegally on your PC (or from Law Enforcement) could send your router logs to the attackers email address, which would identify the MAC address of your NIC which could later be used by LE to make a "positive match" to a PC which has been impounded in a raid. That's where the MAC becomes evidence in computer crime cases.

 

Thanks for explaining that. But I am having a difficult time understanding how a website can read back information to me without possessing that information. I mean, I am looking at their website and reading from it. Are you saying that the information that I am seeing is not being sent to me from the website? Because it sure looks that way.

As for law enforcement being the only people that would collect that kind of data....I would think that it would have to be for some serious crime and not for something like downloading music or that kind of thing. At least I sure hope that's the case.

 

Generally, you don't actually readout a web page directly from a website. If you look at the html source code for a page, it is actually a mosaic of information brought in from various sources via hyperlinks and assembled into the page by your browser. Ads, for example, pictures and data from other servers, ... . In the case of tricks like this, a space is made on the page for material generated locally by a JavaScript to fill in, and this is what you see.

 

Okay then. Thanks for explaining that. I have a vague understanding of that since I have used html codes to pull images into blogs from other sites. So the Java feature is able to give your computer the command to fill in the blank, but it is unable to retrieve that information and send it back??

 

Once the script gets your computer's MAC address, what stops it from reporting that to the webserver? Metasploit's <http://decloak.net/> creates a temporary page with the results from each IP decloaking test. Is the distinction that all of that information comes from requests that your computer makes to the server, in some cases perhaps revealing the true IP address?

 

WAN IP addresses are a bit different-the server needs that to deliver the information you requested to an internet destination. Your MAC address is only needed to associate that with a real piece of hardware. Malware can report your MAC address just like it can report your SSN, passwords, bank account information, etc. if you are not using a good firewall and anti-malware product and making sure there is no connection that allows that to happen. As Lockbox discussed previously, there are malicious tools that can collect all sorts of information and report it out if you don't stop them. But the routine management of a network doesn't require your MAC address to be propagated.