I was contemplating the ins and outs of a reliable banning system, and figured that being able to ban MAC addresses would be very handy. Now, I'm not an expert on how the IP protocol operates. IIRC, a MAC address is always included with every IP packet, but which MAC is it? Is it the MAC of the last router the packet passed, or is it the MAC of the host that originally sent the packet? Banning MACs would be of little use if all it did was to close off all routes to the server. If it is the latter, how come this hasn't been taken advantage of before?

It's the former. You can have your client application read the local MAC address and send to your server I guess, but that could trivially be comprimised.

I would suggest a registration system to tie a specific user to one key and ban that way. MAC addresses can be changed by a user pretty easily. One tool that comes to mind is SMAC. It can change the MAC addresses on nearly any interface very easily.

Also, you could do what punkbuster does. It has the capacity to ban people based on their hardware configuration.

g/l

Quote:

Original post by RDragon1 It's the former. You can have your client application read the local MAC address and send to your server I guess, but that could trivially be comprimised.

That's what I expected. Still unfortunate though. Thanks a lot for the quick replies.

You'll have to ban on a combination of things.

I suggest hard drive serial(s), MAC, and anything else. Don't make it blantantly obvious what you're using and you should be ok for quite some time.

Get those elements and hash it together somehow. Tie it to an account when they sign up. If someone tries to sign up on that computer after it has been banned, they can't.

You can only get the MAC by asking the client.

A problem with banning MAC addresses: Some ISPs (for example AOL) provide a "network adapter" for their dial-up, which generates a MAC in a given range (or maybe even uses a fixes MAX). Banning one of these may ban a lot of users from the same ISP!

Another problem with banning MAC addresses: some network cards allow you to change the MAC. Thus, someone who really wants to grief will get one of these, and change each time he's banned.

A comprehensive approach to keeping griefers out is necessary -- if you can't just make them pay for each registration key, then IP, MAC address, system specifics, physical address, and other properties should all be taken into account when finding potential re-registrations from a banned user.

Be careful about what you read and transmit, and be sure to ethically respect my privacy as a user at all times. I shouldn't have to give you the serial numbers of my hard drives if I don't want to. (And I want to know if you're capturing and storing that information)

The IP Packet actually contains both addresses.
A Destination mac address and the sender mac address.
If it didn't contain both then there would be no way to determine where to send the packet to and from.

I should have a powerpoint presentation that covers it around here somewhere from uni. If you want it just message me your email address and I'll send it. Might have to give me a couple of days with all the giftmas festivities ;)

Quote:

Original post by auLucifer The IP Packet actually contains both addresses. A Destination mac address and the sender mac address. If it didn't contain both then there would be no way to determine where to send the packet to and from.

Yes, but as said by RDragon, that source-MAC is the MAC of the last router the packet has gone through, and most of the time won't be the MAC of the banned client..

Quote:

Original post by auLucifer The IP Packet actually contains both addresses. A Destination mac address and the sender mac address. If it didn't contain both then there would be no way to determine where to send the packet to and from. I should have a powerpoint presentation that covers it around here somewhere from uni. If you want it just message me your email address and I'll send it. Might have to give me a couple of days with all the giftmas festivities ;)

The sender mac address is only for the current network. A packet from outside the network will have the gateways mac address.