Banning the MAC - possible?

Started by December 24, 2005 03:53 PM
37 comments, last by Rattrap 19 years ago
I thought the only time the address changed was when NAT was used. So this typically occurs at the private network at the start but never past there as the larger and more used gateways would need some impressive live routing tables. This is just what they were teaching us at UNI...
MAC address and IP address (and TCP address (port)) are different things. Check out the different layers of networking: from the wiring, all the way up to the language used on a web page; these are different layers of protocols.

Ethernet works like so:
- Your Ethernet card listens for frames (packets) on the wire.
- If a frame arrives that contains the MAC address of the Ethernet card, the card receives it and feeds it on to the OS of the computer. Same thing if it's an Ethernet broadcast address.
- When sending a frame, you have the choice of using a MAC address, or a broadcast address.

Now, Ethernet addresses are not (easily) routable, because they are rather random -- each vendor is assigned a sub-range of the address set, and linearly allocates addresses out of their sub-range (that's why Ethernet addresses are guaranteed unique). An Ethernet address is 48 bits.

Thus, we layer IP on top of Ethernet. IP addresses, each of which is four bytes, are allocated by the local organization, either using an allocated address range (as a subnet) or using a private subnet. IP allows you to send packets from machine to machine -- but to get to the right process on each machine, we layer UDP or TCP on top of IP, which add a single two-byte port number for addressing services.

Now, to send a packet that's not intended for the local subnet, you need to send it to your local gateway, for forwarding to the greater internet. You have the IP address of the gateway, but not the Ethernet address of the gateway. Thus, the protocol ARP, which uses Ethernet broadcast to find the MAC address of a specific IP address on a subnet. To ARP, you broadcast a message saying "who has address X.Y.Z.W" and if someone on the net has it, it replies to the sender of the packet.

The IP router (gateway) will slurp in your packet, and forward it onto its next network, which is another network adapter of the router. Thus, the packet will have another MAC address on that network -- or, quite likely, that network will be something other than Ethernet, which doesn't use MAC addresses, but something else instead.

Thus, Ethernet addresses are only valid on the local subnet, and all MAC addresses you will see come from hosts on the local subnet.
enum Bool { True, False, FileNotFound };
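The re-framing at the gateway described in the post above, as an added Python example that is not part of the original thread: the same IP packet is carried in two Ethernet frames, and the frame on the server's subnet carries the router's MAC, not the client's. All MAC and IP addresses are constructed sample values.

```python
import struct

ETH_HDR = struct.Struct("!6s6sH")   # destination MAC, source MAC, EtherType
ETHERTYPE_IPV4 = 0x0800

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def ipv4_packet(src, dst, payload=b"hello"):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, 17, 0,
                         bytes(map(int, src.split("."))),
                         bytes(map(int, dst.split("."))))
    return header + payload

def frame(dst_mac, src_mac, packet):
    return ETH_HDR.pack(mac(dst_mac), mac(src_mac), ETHERTYPE_IPV4) + packet

def parse(raw):
    dst, src, _ethertype = ETH_HDR.unpack_from(raw)
    ip = raw[ETH_HDR.size:]
    return {"src_mac": fmt_mac(src), "dst_mac": fmt_mac(dst),
            "src_ip": ".".join(map(str, ip[12:16])), "ttl": ip[8]}

def forward(raw, router_out_mac, next_hop_mac):
    """Layer-2 view of routing: drop the old frame header, decrement TTL, re-frame."""
    ip = bytearray(raw[ETH_HDR.size:])
    ip[8] -= 1
    return frame(next_hop_mac, router_out_mac, bytes(ip))

def demo():
    # Constructed sample: client 192.0.2.10 sends to server 198.51.100.5 via one router.
    on_client_lan = frame("02:00:00:00:00:fe", "02:00:00:00:00:01",
                          ipv4_packet("192.0.2.10", "198.51.100.5"))
    on_server_lan = forward(on_client_lan, "02:00:00:00:01:fe", "02:00:00:00:01:05")
    return parse(on_client_lan), parse(on_server_lan)

if __name__ == "__main__":
    for hop in demo():
        print(hop)
```

The source IP survives the hop; the source MAC the server sees belongs to the last router's interface, which is why a server outside the client's subnet has no client MAC to ban on.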
Quote:
Original post by RDragon1
Be careful about what you read and transmit, and be sure to ethically respect my privacy as a user at all times. I shouldn't have to give you the serial numbers of my hard drives if I don't want to. (And I want to know if you're capturing and storing that information)


Name something you can do with hard drive serial numbers.
Quote:
Original post by Maega
Quote:
Original post by RDragon1
Be careful about what you read and transmit, and be sure to ethically respect my privacy as a user at all times. I shouldn't have to give you the serial numbers of my hard drives if I don't want to. (And I want to know if you're capturing and storing that information)


Name something you can do with hard drive serial numbers.

Track it, just like CPU or other media serial numbers.

[then we could give that information to the feds... or more likely, sell it to some corporation that will sell it to someone else...]

[conspiracy-mode off]
I've had this idea as well.

Quote:

It can change the MAC addresses on nearly any interface very easily.


I'm sure you mean spoof it, as the MAC is a burned-in physical address, which you could still change easily, however, by switching out the network card.
Besides forensics, there are some hard drive companies that require that you have the serial number from your hard drive to get certain services (warranty exchange, tech support, what have you). I don't particularly worry about this piece of information, but it's there.
enum Bool { True, False, FileNotFound };
A MAC address can be changed, but the average user isn't going to have the knowledge to do so; even if they did, it would be troublesome, especially if your system can repeatedly detect the same offenders.
Quote:
A MAC address can be changed but the average user isn't going to have the knowledge to do so


The problem is that the average user likely won't need to be banned. There's a surprising correlation between the people who really go in for causing trouble online, and the people who know how to change a MAC address (or hack around in the registry, or whatever).

Yes, there exist people whose sole purpose in life is to make your customers', and thus your, lives miserable. It's sad and pathetic, but true nevertheless.
enum Bool { True, False, FileNotFound };
The ethernet MAC address is not helpful for banning, as many others have noted above.

Not all machines even have an ethernet interface - bear this in mind.

You can't trust anything generated by the client application, which includes reading the client machine's MAC, hard drive serial, etc.; these can trivially be faked by using a program which intercepts the OS calls.

Your best bet is to insist that they register online somehow.

If it's a free-to-use application (I'm assuming it is), you could require them to fill in a CAPTCHA or something annoying like that, and receive a key by email. That way you'd know that they were a real registered user. Also, after being banned, it would be more difficult for them to reregister under a new email.

If you get persistent offenders from specific IP blocks, you could ban registrations from those IP blocks (although the possibility of banning legitimate users exists, particularly with providers who use the same IP block for very large groups of customers (e.g. AOL)).

Mark
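A sketch of the server-side scheme suggested in the post above, as an added Python example that is not part of the original thread: a key tied to a verified email, an account ban list, and registration bans by IP block, with client-reported identifiers ignored. The secret, class and function names, and all addresses are hypothetical or constructed.

```python
import hashlib
import hmac
import ipaddress

SERVER_SECRET = b"constructed-demo-secret"   # assumption: stored only on the server

def issue_key(email):
    """Key mailed to the address after the CAPTCHA step; proves control of the mailbox."""
    return hmac.new(SERVER_SECRET, email.lower().encode(), hashlib.sha256).hexdigest()

class BanList:
    def __init__(self):
        self.emails = set()
        self.blocks = []

    def ban_email(self, email):
        self.emails.add(email.lower())

    def ban_block(self, cidr):
        self.blocks.append(ipaddress.ip_network(cidr))

    def check_registration(self, peer_ip):
        # peer_ip is the address of the connection as seen by the server,
        # never a value the client sends in the request body.
        addr = ipaddress.ip_address(peer_ip)
        for block in self.blocks:
            if addr in block:
                return f"deny: registrations closed for {block}"
        return "allow"

    def check_login(self, email, key, client_claims=None):
        # client_claims (MAC, disk serial, ...) is accepted but deliberately unused:
        # anything the client program reports can be faked on the client.
        if not hmac.compare_digest(key, issue_key(email)):
            return "deny: bad key"
        if email.lower() in self.emails:
            return "deny: banned account"
        return "allow"

def demo():
    bans = BanList()
    bans.ban_email("troll@example.org")
    bans.ban_block("203.0.113.0/24")          # constructed block of a repeat offender
    return [
        bans.check_login("alice@example.org", issue_key("alice@example.org")),
        bans.check_login("troll@example.org", issue_key("troll@example.org"),
                         client_claims={"mac": "02:00:00:00:00:99"}),
        bans.check_registration("203.0.113.77"),
        bans.check_registration("198.51.100.5"),
    ]
```

A wide block such as a large provider's shared range would deny every customer behind it, which is the trade-off the post notes.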
Anonymous Poster: It doesn't work that way. The serial of the HD or the MAC address isn't checked to allow you to play. It checks to see if you're playing on a computer using a banned MAC or HD serial and then prevents you from playing.

Oh, and I'd like to confirm that there is indeed a correlation between the user knowledge to change a MAC address and the amount of trouble they will cause. At least that's been my personal experience in running an MMORPG. As we also have a free registration scheme and creating new email addresses is trivial, we've had to resort to a banning war with some very obnoxious users.

This topic is closed to new replies.