MAC Address Question

Discussion in 'privacy general' started by rubberducky, Dec 16, 2009.

Thread Status:
Not open for further replies.
  1. rubberducky

    rubberducky Registered Member

    Joined:
    Feb 22, 2009
    Posts:
    31
    Can a web master or your ISP find out the MAC Address of your Ethernet Card?
     
  2. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    708
    IF you are connected by a DSL, then they can for sure, unless your modem have own MAC.
     
  3. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I have read here on Wilders that your MAC address cannot be seen over the internet. I think XB Steve said it was like trying to breathe in outer space. It's just not available to websites, etc...
     
  4. duk

    duk Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    28
    Of course, both can do that. The website also can do a reverse engineered easily through JAVA Applets or other external plugins in web browsers.

    Here is an example: MAC Address lookup
     
  5. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    The answer to the general question is no. Just no way. The dangers in MAC addresses is having router/WAP/logs match your MAC address if there was a criminal investigation. But it is not transmitted over the internet

    duk, the above is for somebody doing this with their own computer. As in "What Is My IP?" except it's a "What Are My MACs?"
     
  6. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    If it is not transmitted over the internet then how can the website read it back to you?.....as in the above example.
     
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    That website is using java to get the info from your PC.

    Your MAC address is sent out with packets, but it only goes as far as the first hop.
    The easiest way to explain is if you think of a router. A router uses NAT which translates the internal private IP into the external WAN IP. The router also translates the MAC address, from private (the PC) into its own MAC address. If you connect directly to the Internet, through, as example Cable, then you will be connecting through your ISPs gateway, so your MAC address will reach there, but then the MAC address in the header info of the packets are translated to the MAC address of the gateway before they are sent on (this translation happens at each hop going out, then at each hop coming back).

    An easy way to see this translation of MAC address is to simply sniff(capture packets) while you are browsing. All the returned packets will have the same MAC address, it will be the MAC address of the last hop before reaching your PC.
     
  8. duk

    duk Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    28
    Okay, not naturally by the network architecture, it is obvious, as is done with our IP Address. But what I tried to show is that it can be done so through reverse engineering, which only depends on the imagination of the attacker (ISP, website, authorities...), even being remotely and not local.

    The question was only if the web master or the ISP can find out the MAC Address. My answer is still yes (as it was not specified how or where).
     
  9. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    ISP ? Quite possibly.

    MY ISP assigns IP addresses to routers based on their MAC.

    I suppose it depends on their way of doing things, and on the modem/ISP configuration.
     
  10. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    NOBODY OUTSIDE YOUR LAN CAN SEE YOUR COMPUTER'S MAC ADDRESS. PERIOD.

    Your ISP can see your cable / dsl modem's MAC on the first hardware device they control, such as the domain router or neighborhood switch, because that is an ARP domain between your cablemodem and the ISP's domain router. After that, it does not see the cablemodem MAC, because it is outside the ARP domain. The ISP cannot ever see your computer's MAC address.

    A MAC address is not transmitted outside of an ARP domain (ex: the link between two physically connected network devices).

    Your Computer <--> CableModem <--> ISP's Domain Router <--> ISP's Border Router <--> Internet Router

    All non-transparent network devices have a MAC address. Only the devices immediately on either side of a <--> can see the other's MAC address. "Your Computer" can see your CableModem's MAC address, and vice versa. "Your Computer" cannot see "ISP's Domain Router" 's MAC address, and vice versa.

    The people who worry about MAC addresses are typically those who are trying to steal service from an ISP. Your computer's MAC address does not track you, as access to it is insulated by your network access hardware (cablemodem, etc). Analogy: You're not worried about the internet stealing your fingerprints because they are only exposed to your keyboard, and don't go any further.
     
    Last edited: Dec 23, 2009
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    That is certainly incorrect with my ISP/setup.

    My cable modem has 2 mac addresses, one for itself and one learned(which is my own gateway). While the cable modem is active, all packets from my gateway are directed to my ISP gateway MAC, not to the cable modem MAC.
    So I see my ISP gateway MAC and they see mine.
     
  12. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Just worth mentioning.
    Quite a few ISPs will bind your IP with your MAC address. Some will not even allow you to change your MAC address without permission. Some others, like my current ISP will allow a MAC address change, but when I change my MAC address, my IP also changes.
     
  13. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Steve you come up with some of the best analogies I have ever heard. You would make a really good teacher.
     
  14. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    That is abnormal, and your ISP is cheating with custom hardware in your home. So what is going on is your ISP's gateway is running ARP and requires a special modem to break the rules so it can bridge an arp domain. What would happen if you used a standard cablemodem and matched the MAC address to your existing device ID, so it didn't share a mirrored MAC to the ISP's gateway router but still had authenticated access?
     
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I cannot call it abnormal, as I have seen other ISPs with the same. However, I have had this modem/ISP for approx 6 years and my ISP no longer sends these out to new customers (they now send out wi-fi modem/router)

    I can (and do) block all ARP to/from ISP gateway(use static entries) and connect with no issue. There is however a direct ARP request from ISP gateway every 3H-59m if no activity from my end (but I drop that).

    I have never replaced the cable modem and found no reason to. But I cannot see any possible issue if I did.
    I change my Gateway MAC address regularly, not for security reasons, just because I like to change my IP.

    The ISP also runs an embedded private LAN (10.*.*.*) for cable TV.
     
  16. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Well, Steve, in my setup it's like this:

    computer>router>cable modem>ISP/internet

    When I use my router in this configuration I get a different IP compared to a direct connection without the router.

    I'm fairly certain that IPs are assigned to the MAC of the router (what else?).
    I think that when not using the router, the IP is assigned by the modem/ISP.
    So my guess is that my ISP doesn't check my ethernet card, but I'm not sure.

    I presume the router, modem and the ISP 'communicate' to assign me an IP on the WAN side.
     
  17. stap0510

    stap0510 Registered Member

    Joined:
    Aug 5, 2008
    Posts:
    104
    Couldn't this be caused by running a cable-modem in bridge-mode?
    A know alot of cable-modems that do only that.

    But something tells me that bridge-mode only tells you something about the ip-adresses and nothing about the ARP-configuration itself.
     
  18. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    With cablemodem ISPs, the IP address is assigned using the MAC address of the Cablemodem. With DSL modem ISPs, I think it can use a circuit ID or the MAC of the DSL Modem. With fiber, it is done by circuit ID. With WiMax, it is done by WiMax Modem MAC.
     
  19. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK

    Well, I am on Cable, and I know it is my gateway MAC that is bound to my IP, not the modem MAC.
    You really should check your info.
     
  20. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    What device is acting as your gateway that is generating the MAC? Here they do have *some* gateway/modem combo devices, as well as standalone modems. I've seen this with AT&T DSL lines on occasion, but not on Qwest, Comcast, or Time Warner (US providers). Who is your provider?
     
  21. Mover

    Mover Registered Member

    Joined:
    Oct 1, 2005
    Posts:
    165
    I changed providers and found the above to be true.

    My previous DSL provider had dynamic IP address assignment.

    After joining my current provider, I noticed that my IP address was static so I complained. When asked, their tech support didn't give me a straight answer. After messing around with the routers MAC address, I found I could change the IP address assigned at will by changing the router MAC address.
     
  22. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    We do a similar trick with NIC card MAC addresses because they do share an ARP domain to the gateway sometimes. We've seen this in comcast cable. With verizon fiber you have a direct circuit ID that connects the NIC/Home Gateway Router to the ISP's gateway router/switch. I'm going to have a protocol analyzer hooked up to some local DSL to see what it is. It may just be sharing hashes of the MACs or something else that is depending on the MAC. The bottom line is that *if* the ISP uses a device that forces to extend an ARP domain across the modem device to the gateway device, it *could* get the gateway's MAC, it *could* get the ethernet NIC card MAC, but the ISP is NOT running an ARP domain to the external internet so the internet can't get your MAC, and the ISP already knows who you are so sharing the MAC with them doesn't change much.
     
  23. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    259
    The best MAC changer I know of is SMAC, it will match the fake MAC address you choose with the right ethernet manufacturer. Apparently some of those MAC numbers identify the manufacturer of the card.

    If you need a free MAC changer for Windows with less features you can try TMAC
     
  24. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere

    http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
    (Scroll down a little).....it's another good one w/database of manufacturers.
     
  25. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
Loading...
Thread Status:
Not open for further replies.