Quote:
Originally Posted by Dark Fiber
Mark,
<Grovel Mode ON/ It may amuse you to know (or it may annoy you intensely!) that my speculations were based on a mistake. I wrongly thought that Stripes had _successfully_ spoofed the G3 MAC address into his iMac and that this had _not_ permitted connection to the cable network.
Ahh. Yes, I can see how that would lead you down that line of thinking. No worries. I hope I didn't come across badly in my reply.
Quote:
Originally Posted by Dark Fiber
Thank you for the Wiki info, it will take some time to assimilate. I note that the Wiki includes the phrase "if the service provider is able to detect that a MAC address is spoofed". How would this be achieved if the spoofed hardware is truly _identical_ in its responses to unaltered hardware? Do you, in fact, believe that the MACs in home gateway routers are identical with those installed in computers?
Yes, the ISP could detect a cloned address, but it's nothing to do with the hardware. One possible way is simply by seeing if the data "makes sense". If you notice, the default, or "burned-in", address starts with a sequence that is unique to a particular manufacturer. So, Belkin routers will have a MAC address that starts with XX:XX:XX (for example), and Apple computers will have a MAC address that starts with YY:YY:YY.
Now, the TCP/IP stack (the bit of code that implements the TCP/IP protocol) of an operating system has characteristics that usually allow it to be identified. That is, by simply connecting to a networked device, it is often possible to determine which operating system it is running. If you search for a program called NMAP, you'll find an example of a program that does just that.
So, let's take Stripes' situation. NTL can look at the (now cloned) MAC address and determine that it was assigned to Apple. However, if they scan the machine, they will see that it's not running Apple's OS X, but rather an embedded OS (Linux perhaps). This gives them a clue that the MAC address has been cloned.
There are other ways, but they generally rely on the same kinds of things, rather than on any difference in the address itself.
As you can see, it's not a foolproof process and it takes a bit of detective work, so I doubt most ISPs bother.
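As an added illustration of the "does the data make sense" check Mark describes (this is example code written for this page, not anything posted in the thread or used by NTL), here is a small audit script. It takes a list of (MAC address, fingerprinted OS) pairs, such as you would get from DHCP lease records plus an Nmap OS-detection run, extracts the vendor prefix (OUI) from each MAC, and flags clients whose vendor does not fit the OS the stack fingerprint reports. The OUI table and the vendor-to-OS expectations are placeholders invented for the example; a real deployment would use the IEEE OUI registry and its own expectation table. The script also checks the "locally administered" bit of the first octet, which is set on software-assigned addresses; note that this bit does not catch a clone of a genuine burned-in address, which is exactly why the OUI/OS consistency check is the interesting one.

```python
"""Flag clients whose MAC vendor prefix (OUI) does not fit the OS their
TCP/IP stack fingerprint suggests. Example code for illustration only."""
import re

# Constructed OUI table: placeholder prefixes, NOT the IEEE registry.
OUI_VENDOR = {
    "A0:A0:A0": "Apple",
    "B0:B0:B0": "Belkin",
    "C0:C0:C0": "Dell",
}

# Assumption for the example: which OS families a vendor's hardware runs.
VENDOR_EXPECTED_OS = {
    "Apple": {"Mac OS X", "iOS"},
    "Belkin": {"embedded Linux", "VxWorks"},
    "Dell": {"Windows", "Linux"},
}


def normalize_mac(mac: str) -> str:
    """Accept aa-bb-cc-dd-ee-ff, aabb.ccdd.eeff or aa:bb:cc:dd:ee:ff and
    return the canonical AA:BB:CC:DD:EE:FF form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()


def oui_of(mac: str) -> str:
    """The first three octets are the manufacturer prefix (OUI)."""
    return normalize_mac(mac)[:8]


def is_locally_administered(mac: str) -> bool:
    """Bit 1 of the first octet is the U/L bit: 1 means the address was
    assigned by software rather than burned in by the manufacturer."""
    first_octet = int(normalize_mac(mac)[:2], 16)
    return bool(first_octet & 0x02)


def check_client(mac: str, fingerprinted_os: str) -> dict:
    """Classify one client record. Verdicts:
    consistent, vendor-os-mismatch, unknown-oui, locally-administered."""
    norm = normalize_mac(mac)
    if is_locally_administered(norm):
        return {"mac": norm, "vendor": None, "os": fingerprinted_os,
                "verdict": "locally-administered"}
    vendor = OUI_VENDOR.get(oui_of(norm))
    if vendor is None:
        return {"mac": norm, "vendor": None, "os": fingerprinted_os,
                "verdict": "unknown-oui"}
    verdict = ("consistent" if fingerprinted_os in VENDOR_EXPECTED_OS[vendor]
               else "vendor-os-mismatch")
    return {"mac": norm, "vendor": vendor, "os": fingerprinted_os,
            "verdict": verdict}


def audit(records) -> list:
    """Return only the records worth a second look."""
    return [r for r in (check_client(m, o) for m, o in records)
            if r["verdict"] != "consistent"]


# Constructed sample input: (MAC as seen in the lease, OS from a fingerprint).
SAMPLE_LEASES = [
    ("a0-a0-a0-12-34-56", "Mac OS X"),        # Apple prefix, Apple OS: fine
    ("A0:A0:A0:DE:AD:BE", "embedded Linux"),  # Apple prefix on a router: clone?
    ("02:11:22:33:44:55", "Windows"),         # software-assigned address
    ("D0:D0:D0:00:00:01", "Linux"),           # prefix not in our table
]

if __name__ == "__main__":
    for hit in audit(SAMPLE_LEASES):
        print(f"{hit['mac']}  vendor={hit['vendor']}  os={hit['os']}  "
              f"-> {hit['verdict']}")
```

The mismatch verdict is only a clue, as the post says: a user could legitimately run Linux on Apple hardware, so in practice you would tune the expectation table and treat a hit as something to investigate rather than proof of cloning.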