This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.


For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.

Ban mac-adress

Old posts that have not been replied to for several years.
Locked
M
Morten

Post by Morten »

Is it possible to use, e.g. tcpdump and grab a mac-address and use it to ban a users from the channel?
P
Petersen
Owner
Posts: 685
Joined: Thu Sep 27, 2001 8:00 pm
Location: Blackpool, UK

Post by Petersen »

my knowledge in this area is very limited, but afaik mac addresses are a function of a pysical subnet which are not transmitted over routers. thus afaik you could only do this is you were on the same network section as the user.
S
Stoner

Post by Stoner »

Only way you can get someones mac address is, if they are on a very very insecure network. Such as winblows networking. This is information you never want the public to see. And it is possible to grab from someone else, if they have gapping security holes like port 139. If anyone is interested in closing, or finding out if such a hole exists on your machine check out grc.com
R
RedAlert
Voice
Posts: 17
Joined: Mon Nov 19, 2001 8:00 pm

Post by RedAlert »

Such as winblows networking. This is information you never want the public to see. And it is possible to grab from someone else, if they have gapping security holes like port 139.
You're probably mixing up MAC addresses and NetBIOS names, these are two completely different things :smile:

About the original question: that's not possible at all; even if all the clients and the IRC server are on the same subnet as you, then packet sniffers like tcpdump would only see the MAC address of the IRC server's NIC, not of any of the clients - afterall you're only directly receiving data from the IRC server, not from the clients.

I'm afraid there's also no other way to identify users that can change their nick, username and IP (I suppose that's what you're after). You'll have to wait till IPv6 is being widely used, IPv6 is said to make dynamic IP assignment unnecessary. But that's still pretty much future talk :sad:
P
Petersen
Owner
Posts: 685
Joined: Thu Sep 27, 2001 8:00 pm
Location: Blackpool, UK

Post by Petersen »

actually, if you were on the same physical subnet as the irc server, then you would be able to get them if you were on an unswitched network. other than that it aint possible.
R
RedAlert
Voice
Posts: 17
Joined: Mon Nov 19, 2001 8:00 pm

Post by RedAlert »

You're right... but in that case you would be able to sniff and spoof all of the IRC server's traffic too, and that has some additional benefits which make channel bans look pale :roll:
S
Stoner

Post by Stoner »

On 2002-06-01 09:36, RedAlert wrote:

You're probably mixing up MAC addresses and NetBIOS names, these are two completely different things :smile:
Sure wasn't, and I am aware of that. :razz:
R
RedAlert
Voice
Posts: 17
Joined: Mon Nov 19, 2001 8:00 pm

Post by RedAlert »

oh I see... hmm Microsoft... I could've known that you could really get all possible information from unprotected windows machines :lol:
Locked