Restrict access by checking MAC ID of visitor?

Portal Home > Knowledgebase > Articles Database > Restrict access by checking MAC ID of visitor?

Posted by EastCoast, 11-27-2008, 11:21 AM
Restrict access by checking MAC ID of visitor? We have an online service for which we want only those members who have subscribed to access it. To prevent their account from being shared with others, we are thinking about restricting access to the user's MAC address. Is there any script (paid or free) available that can achieve this?
Posted by fava, 11-27-2008, 11:25 AM
The mac address of a network connection is only good for a single hop, it is not preserved from end to end. In other words the mac address will contain the address of the last router in the chain of routers between the sender and yourself and not the address of the sender. Sorry. fava
Posted by jNive, 11-28-2008, 05:05 AM
only thing you can try is a clientside script/program that reports back with the mac address __________________Perigee Global / DSi Gaming - Hosting
Posted by user_204207, 11-28-2008, 05:35 AM
Quote: Originally Posted by jNive only thing you can try is a clientside script/program that reports back with the mac address Yes, if you wish to achieve this you'll need to run a clientside program that communicates with your website. This will however be difficult, as not many end users will trust a program to run in the background communicating their personal data. __________________
Posted by Xous, 11-28-2008, 06:48 AM
Hi, A MAC address is only available to computers within the same segment. If you attempted to do this on your server you would most likely end up blocking everyone because you'd block your server's access layer switch. You could use a client side application as others have said but that would significantly reduce the number of people that would actually use your site. (As soon as I realized you required I'd discard your site as malicious/annoying and move on) You should also note that each computer interface has a unique MAC address so computers with multiple interfaces have multiple MAC addresses (Think laptops. Most will have 3-4 MAC addresses). Now spoofing a MAC address in Linux is trivial: ifconfig eth0 hw ether DE:AD:BE:EF:00:00 Spoofing a MAC address in Windows is also fairly simple with a 3rd party tool. Your better off filtering based on IP addresses if you must do filtering. For the most part I think it's an exercise in futility and it will only stop the lazy/stupid people. Quote: Originally Posted by fava The mac address of a network connection is only good for a single hop, it is not preserved from end to end. In other words the mac address will contain the address of the last router in the chain of routers between the sender and yourself and not the address of the sender. Sorry. fava Sorry to nitpick but technically the source and destination MAC addresses are replaced whenever the packet passes through a layer 2 (or higher) device. Hops reflect layer 3 devices (routers) or higher (Proxies, Deep Packet Firewalls, etc) which may or may not have several layer 2 (switches, bridges) between the two. __________________Need shared hosting? Go with a host that has been in the business for 15 years and still going strong. Looking to sell a monitoring or DNS service? Looking to sell hosting clients and/or entire hosting company? Shoot me a PM with contact details.
Posted by barry[CoffeeSprout], 11-28-2008, 12:48 PM
Quote: Originally Posted by jNive only thing you can try is a clientside script/program that reports back with the mac address Correct, but anything you run on the "client" should be deemed insecure. There is no real way to do this
Posted by zaitcev, 11-28-2008, 06:37 PM
IPv6 autoconfigured nodes pack MAC inside the IP address.
Posted by myiptest, 11-29-2008, 08:11 AM
why you don't use client IP address + some ID in cookies
Posted by AdiAndreias, 11-29-2008, 08:15 AM
And make sure a user name is logged only once. This way they cannot actually use the account simultaneously.
Posted by myiptest, 11-29-2008, 08:49 AM
Quote: Originally Posted by sheic And make sure a user name is logged only once. This way they cannot actually use the account simultaneously. yes, forgot about this +1 for your post