Posted Wed May 7, 2003 2:10 AM
Yeah I was reading the big fight about mac addresses, and had to add my bit.Number 1 I worked for big broadband network(7 million as I last heard it) and used to investigate/war room( control centre) data , and monitor the network, both in small segments, to the larger segments.Most of my experience I have seen, nothing text book wise, but have actually had the problem right in front of me.I dont know whos quotes I am using, but here it goes.And No I am not trying to start a fight.Just my experiences
"It would also send out a little message telling the head end the branch where the duplicate MAC was found, and then that particilar node would be carefully investigated for other strange activity. If it persisted, the guys with the little vans with the ladders would be dispatched and they would look closely on the wires up on the pole, find your house and knock on the door. "
Yes and No.For the fact each provider runs there servers Subscriber identification differnet.If we are going by mac address yes there would be a conflict.And no , a service man isnt going to go out and investigate it.No need to, all the tools are there at your finger tips.Most of the time you send a service guy to do 2 things on the pole .He is either going out there to turn on the tap, or he is going out there to adjust the frequency.And 9/10 times if it a service issue it a frequency adjustment.Hed will also go out and inspect the node to make sure it is in functioning condition ,and have a physical inspection of it.If there is a security issue they will monitor the network and sit.Also some providers run computer name/idenfication number so mac address are pretty much void, other than the modem mac.
"The very reason MAC level addressing is maintained on these types of networks is to be able to track down pirates and bandwidth theives. "
yes and no also, depending on how the provider runs there set up.I know for our huge network we used mac addresses for identification.And yes we had people with the same mac addresses.But our tools let use look at them.How you say?REMEMBER the service agreement u signed when u got the service? Well the provider is allowed.Rememeber your cable/dsl modem? Well the mac address talk to the modem if u want to say.And they reason why they do this is for 3 reasons 1)to control the amount of possible traffic on a given area.On the long term goal it is to know when to up the frequency and upgrade the servers.So x amount of mac address for so much bandwidth.2) So valid customers are identified and are protected against theft 3) depending on how ur provider works, but some and we used to, charge for ip addresses for each mac card.It is in there best interest to know how many macs to ip they are being charged.As far as bandwidth theives, I disagree.You cannot steal bandwidth with a mac address.You can try but you will not be able to connect as the server will not reconize a second identical mac address.I know we tried on a many occassions to test new software(All legal).There are really 2 ways to steal bandwidth other than find the line digigng it up and pinching into it. 1) you change the configuration file of the modem 2) or you have the tools to change the frequency of the line, which if u do an do not know the frequencys, your modem will disconnect as the configuration file is preset with the parameters.Also you will need abit of help with the server also, as it keeps live frequency readings.If you screw with those, screw up, that when A tech will come out and have a look see.
"We're not talking about the backbone here, we're talking about the ability for a MAC address to be known by someone other than you. By whatever means necessary. You seem to think that there's someone out there thinking that they can take an old linux PC and some alligator clips and tap into the internet backbone and sniff your traffic"
Yeah your provider, at about 2 clicks u can see everything.As a hacker, knowing who your provider is, and a few phone calls.
"I have no misconceptions, and am NOT using double talk, I am trying to give real world examples of why MAC addresses can be made up in a LAN without any major problem. "
Totally disagree.Called network conflict.
No I am not spouting technobable. The list of protocols was to illustrate that there is more than just EtherNet used, and as MAC addresses in this discussion are for EtherNet hardware, their propigation stops at the end of the EtherNet segment. Now as these various segments all over the world are linked by lots of other protocols that don't use the EtherNet MAC address, there is no way it is going to conflict with someone elses hardware unless they are on YOUR LAN in YOUR segment.
Slight disagreement, ok I disgree. segment? you talking within your network or on the network as whole?if it a a whole woooo no way.We had someone from seattle ----> florida with the same mac id.Remember each of those smaller segments equal one big one.All of our data was feed into out main frames and recorded all of this in a flash, so to say it would fine on your local network no way, on your natianl network no way.If you however ran one on one provider, and used on another provider maybe.Depending if they are sharing mac id information.You have to remember the backbone is owned in segments.A company will lease a portion of it, and the next area is owned by another.I know we used to cross refernce out stuff with other networks especially when we were goign to take over a segment or buy out a provider.But of course subscribers used our"software" which was nothing more than spyware.Pretty sweet stuff to.
"Is there ANY reason you can think of that a company would want to know the MAC addresses of devices on the network they run?"
yeah cash if they charge for ip address assigned to macs, or to get a better projection of future upgrades.Also to protect the subscriber.
"The fact that there's only a small chance your stolen number will cause a network conflict is beside the point. It's a stolen number."
Wow I would have to think you wouldnt be able to connect. also rememeber your mac address is only half of the puzzle, the other half is you cable/dsl modem.Without either you are goign to be SOL.Each modem mac is also assigned to mac addresses.So even if you had you modem , and started inserting strange numbers, the server wouldnt reconize it, unless u called them and asked u to add it.Of course if it aused nic, it will come back as alreayd used.Then u might get the sweatdown of who is the manufacture etc.
Anyways that my 2 cents from my ex job.Remember no fights I am not trying to pick any.
1
.
I tried to tell him might be good idea to unhook his network completely before he called them. So it seems they can tell after a fashion what is going on with a private network segment hooked to the internet through an ISP. 
That sounds strange to me.
