Say someone gets banned from a site, usually their IP address is blocked, right? How does that affect someone with a dynamic IP? The site could block the IP range used by that person’s ISP, but that seems like it might block other legitimate users. Maybe I’m being a bit dense here, but it seems to me that a site could only block a specific user based on a MAC (which can also be spoofed), and even then, I don’t think that MACs are something that a site can even see.
Quite simply, it doesn’t work, for exactly the reasons you state. A site owner can ban a specific IP, yes, but since most folks have dynamic IP addresses assigned by their ISP, it’s not effective. Or a range can be banned, but this will likely take out anyone with the same ISP as the offender.
And no, a website cannot see your MAC. Even if they could, you are again correct - they can be spoofed easily by a $30 router. Or, indeed, one could buy a $5 network board with a different MAC.
Normally if one is banned from a site like this one (say) it’s not the IP that is excluded, but the username.
On the nose. And it wouldn’t block the same asshole coming back tomorrow with a new IP address dynamically assigned out of the pool of addresses owned by the ISP.
MAC addresses are not visible outside the LAN. They are a hardware-level detail and those get dropped once a packet leaves the hardware the detail is relevant to. I can expand on this if you want me to, but picture it like this: A packet is a letter that gets sent in multiple layers of envelopes. The outermost envelope gets taken off and replaced when the letter is on a machine that hooks up to two different physical networks (Ethernet and fiber optics, Wi-Fi and ADSL, etc.). The MAC address is on that outermost letter.
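To make the envelope picture concrete, here is an added Python example (not from the thread) that wraps an IPv4 packet in an Ethernet frame and then performs two hops of plain IP forwarding. The MAC addresses are constructed for the demo, the source IP is the 192.168.1.47 mentioned later in the thread, the destination is a documentation-range address, and NAT is deliberately left out so that only the outer envelope changes:

```python
import ipaddress
import struct

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")  # 20-byte header without options
ETHERTYPE_IPV4 = 0x0800

def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))

def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)

def ipv4_checksum(header):
    """RFC 791 header checksum: one's-complement sum of 16-bit words, complemented."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src_ip, dst_ip, payload, ttl=64, proto=6):
    """Inner envelope: an IPv4 packet. Only the fields this demo looks at are meaningful."""
    hdr = IPV4_HDR.pack(0x45, 0, 20 + len(payload), 0x1234, 0x4000, ttl, proto, 0,
                        ipaddress.IPv4Address(src_ip).packed,
                        ipaddress.IPv4Address(dst_ip).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload

def build_ethernet(dst_mac, src_mac, ip_packet):
    """Outer envelope: the Ethernet frame, which only travels across one link."""
    return ETH_HDR.pack(mac_bytes(dst_mac), mac_bytes(src_mac), ETHERTYPE_IPV4) + ip_packet

def parse(frame):
    """What a host on the receiving link can see: the addresses on both envelopes."""
    dst, src, ethertype = ETH_HDR.unpack_from(frame)
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unsupported EtherType {ethertype:#06x}")
    ip = frame[ETH_HDR.size:]
    if ipv4_checksum(ip[:20]) != 0:
        raise ValueError("bad IPv4 header checksum")
    f = IPV4_HDR.unpack_from(ip)
    return {"src_mac": mac_text(src), "dst_mac": mac_text(dst), "ttl": f[5],
            "src_ip": str(ipaddress.IPv4Address(f[8])),
            "dst_ip": str(ipaddress.IPv4Address(f[9]))}

def router_forward(frame, egress_mac, next_hop_mac):
    """One hop of plain IP forwarding (no NAT): drop the Ethernet envelope, decrement the
    TTL, recompute the header checksum, and wrap the same IP packet in a new envelope
    addressed from the router's egress interface to the next hop's MAC."""
    ip = bytearray(frame[ETH_HDR.size:])
    if ip[8] <= 1:
        raise ValueError("TTL expired; a real router would drop the packet")
    ip[8] -= 1
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip[:20])))
    return build_ethernet(next_hop_mac, egress_mac, bytes(ip))

# Constructed addresses for the demo (not real devices).
PC_MAC, HOME_LAN_MAC, HOME_WAN_MAC = "00:11:22:33:44:55", "00:aa:bb:00:00:01", "00:aa:bb:00:00:02"
ISP_IN_MAC, ISP_OUT_MAC, SERVER_MAC = "00:cc:dd:00:00:01", "00:cc:dd:00:00:02", "00:ee:ff:00:00:01"

def trace_hops():
    """Return what the PC's own LAN sees and what the web server's LAN sees."""
    on_home_lan = build_ethernet(HOME_LAN_MAC, PC_MAC,
                                 build_ipv4("192.168.1.47", "203.0.113.10", b"GET / HTTP/1.0\r\n"))
    on_isp_link = router_forward(on_home_lan, HOME_WAN_MAC, ISP_IN_MAC)
    on_server_lan = router_forward(on_isp_link, ISP_OUT_MAC, SERVER_MAC)
    return parse(on_home_lan), parse(on_server_lan)

if __name__ == "__main__":
    first, last = trace_hops()
    print("home LAN  :", first)
    print("server LAN:", last)
```

After two hops the server's LAN sees the last router's MAC as the source, not the PC's, while the IP header still carries the original source address. In practice a home router also rewrites that source IP (NAT), which is what the later part of the thread turns to.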
A simulpost indeed, but thanks for the information. I have only a hazy idea how MAC addresses work. If you find the time to elaborate, I’d be interested to hear it.
MAC addresses are part of the network hardware (the Ethernet card, the Wi-Fi transceiver, or whatever you have) and a specific MAC address IDs that card, not the computer: If a computer has multiple cards, each card has its own MAC address and they can send Ethernet frames to each other.
Apparently, MAC addresses are not in ROM but are in writable storage and can be changed by software that knows how. Google “MAC address spoof” and you will be deluged with programs, but Mac OS X and other Unix-like OSes come with the standard ifconfig program that is capable of doing the job. This is really, really not a secret anymore. I’m surprised you didn’t know it already.
It is possible to detect MAC address spoofing but most Wi-Fi hotspots apparently don’t even try. From here:
So each “frame” (a low-level packet, essentially) gets a number indicating what order all frames from a specific node were sent. You can detect spoofing by keeping track of all of the sequence numbers from all of the nodes and looking real hard at duplicates. As I said, most hotspots don’t seem to bother.
There is a much better whitepaper on the topic of detecting MAC address spoofing available here. The whitepaper is PDF-only, and the summary doesn’t really go into details. It mentions sequence numbers (which, by the way, only exist on frames sent via Wi-Fi as opposed to frames sent via Ethernet cables) and the fact the IEEE has assigned blocks of MAC addresses to various network hardware makers. (Thus, if you see a MAC address that doesn’t correspond to one of those blocks you can be sure someone is spoofing you with random numbers.) In short, it works like intrusion detection always does: Look for things that just don’t fit.
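The two detection signals described above, sequence-number tracking and the IEEE address-block check, can be run over captured 802.11 frames. The following Python is an added example, not code from the thread or the cited whitepaper. It parses the fixed 24-byte 802.11 MAC header, treats a repeated sequence number as legitimate only when the Retry bit is set, flags jumps that one radio would not produce, and checks the transmitter address against a small constructed stand-in for the IEEE OUI registry (the real check would load the published list). The frames and vendor entries are constructed for the demo:

```python
import struct

SEQ_MODULUS = 4096       # 802.11 sequence numbers are 12 bits wide
MAX_FORWARD_GAP = 64     # one radio rarely skips more than this between frames we saw

# Constructed stand-in for the IEEE OUI (MA-L) registry: first three octets -> maker.
# Hypothetical entries for the demo; a real check loads the published IEEE list.
KNOWN_OUIS = {
    "00:11:22": "Vendor A (constructed)",
    "a8:bb:cc": "Vendor B (constructed)",
}

def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_80211_header(frame):
    """Return (transmitter MAC, sequence number, Retry flag) from the first 24 bytes of
    an 802.11 MAC header: FC(2) Duration(2) Addr1(6) Addr2(6) Addr3(6) SeqCtl(2).
    Addr2 is the transmitter; SeqCtl holds the fragment number in its low 4 bits."""
    if len(frame) < 24:
        raise ValueError("frame too short for an 802.11 MAC header")
    fc, _duration, _addr1, addr2, _addr3, seq_ctl = struct.unpack("<HH6s6s6sH", frame[:24])
    retry = bool(fc & 0x0800)      # Retry bit: bit 3 of the second frame-control byte
    return mac_text(addr2), seq_ctl >> 4, retry

def oui_alert(mac):
    """Address-block check: does this MAC look like one a maker actually shipped?"""
    first_octet = int(mac[:2], 16)
    if first_octet & 0x01:
        return "group (multicast) bit set; a transmitter address is always unicast"
    if first_octet & 0x02:
        return "locally administered bit set; not from any IEEE-assigned block"
    if mac[:8] not in KNOWN_OUIS:
        return f"OUI {mac[:8]} is not in the assigned-block table"
    return None

def analyze(frames):
    """Walk frames in capture order and return (mac, reason) alerts."""
    alerts, last_seq, oui_checked = [], {}, set()
    for frame in frames:
        mac, seq, retry = parse_80211_header(frame)
        if mac not in oui_checked:
            oui_checked.add(mac)
            reason = oui_alert(mac)
            if reason:
                alerts.append((mac, reason))
        if mac in last_seq:
            gap = (seq - last_seq[mac]) % SEQ_MODULUS
            if gap == 0 and not retry:
                # A retransmission legitimately repeats the number, but only with Retry set
                alerts.append((mac, f"duplicate sequence number {seq} without Retry bit"))
            elif gap > MAX_FORWARD_GAP:
                # Either a jump backwards (gap near 4096) or an implausibly large skip:
                # two radios are interleaving their own counters under one address
                alerts.append((mac, f"sequence jumped from {last_seq[mac]} to {seq}"))
        last_seq[mac] = seq
    return alerts

def make_frame(tx_mac, seq, retry=False, payload=b""):
    """Constructed 802.11 data frame for the demo (not a real capture)."""
    fc = 0x0008 | (0x0800 if retry else 0)          # type=data, subtype=0
    bssid = bytes.fromhex("001122000001")
    tx = bytes.fromhex(tx_mac.replace(":", ""))
    return struct.pack("<HH6s6s6sH", fc, 0, bssid, tx, bssid, (seq & 0xFFF) << 4) + payload

LEGIT_MAC = "00:11:22:33:44:55"   # the real station's address, also cloned by an attacker
SAMPLE_FRAMES = [
    make_frame(LEGIT_MAC, 100),
    make_frame(LEGIT_MAC, 101),
    make_frame(LEGIT_MAC, 101, retry=True),    # genuine retransmission: not an alert
    make_frame(LEGIT_MAC, 3000),               # attacker using its own counter
    make_frame(LEGIT_MAC, 102),                # real station carries on
    make_frame(LEGIT_MAC, 3001),
    make_frame("02:de:ad:be:ef:01", 7),        # randomised address, U/L bit set
    make_frame("a8:bb:cc:00:00:01", 50),       # unremarkable second station
    make_frame("a8:bb:cc:00:00:01", 51),
]

if __name__ == "__main__":
    for mac, reason in analyze(SAMPLE_FRAMES):
        print(f"{mac}: {reason}")
```

The threshold on forward gaps is the tunable part: a monitor that misses frames (or a station that roams) will produce false positives, which is the usual intrusion-detection trade-off the post describes.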
The main reason I don’t know about MAC-spoofing software is that I have had little call to spoof MAC addresses. Only once, when I added a second PC and router to my cable network in the UK, and then I had the router do the spoofing. I did know that they were connected to network hardware rather than the actual PC.
While most folks have an IP assigned by their ISP, it really does not change very often for people with broadband. Last time I looked into this, I had the same IP for months. Sadly I lost the piece of paper with that IP address, so I cannot tell if it has been the same for years.
So when I am posting from home I have a very stable address. If I go on the road with lappy I will get a different IP. But when I return I will be showing the same IP to the world even though my IP address is dynamically assigned by the ISP.
Indeed. A stable connection is one of the best things about broadband: Everyone makes noise about raw speed, but having a connection that is never going to time out makes it possible for me to download ISO images and batch-download large amounts of software all night long. I couldn’t leave a download running unattended when I was stuck with dial-up because the ISP would hang up, and even though my computer was set to auto-reconnect none of my downloads would automatically resume.
Another problem with banning a single IP is that a lot of people can be behind a NAT router that shows the same external IP. I knew people at an incredibly large company once where everybody at each site went through one NAT router. One person causing a ban at a web site meant that everyone else at their location was banned too.
A web site can do things with cookies but that doesn’t stop the real jerks.
This also effectively prevents homes from running their own web servers, for example: There is no way for the people outside the NAT to form an address specific to your machine, so they cannot access services provided by your machine.
And, before anyone else jumps on me, this is obviously wrong:
If the site blocks the whole range it would prevent that.
Unless I’m misunderstanding, this isn’t correct. I run web servers behind NAT routers all the time.
It does require that the NAT router be capable of doing what is usually called “IP Forwarding”. This is the ability to designate a specific port number at the NAT router, which will then forward all incoming traffic on that port to a specific IP address and port on your private network. But this capability is on every router I’ve seen for years, even the $30 ones. Also it’s simpler if you have a static IP assigned from your ISP, but can be done if you use one of the services available to automatically map your dynamically assigned IP.
For example, I could have my private LAN behind a NAT router and using 10.0.0.xxx as the subnet. I set up a web server on the machine using IP address 10.0.0.7, and configure that web server so that it is listening on port 8080. (Using a port other than the standard port 80 makes it so it doesn’t interfere with normal web browsing on that machine. It doesn’t have to be port 8080, that’s just one that is commonly used for this sort of thing because it’s easy to remember in relation to the standard port 80.)
Then I set my NAT router to forward all incoming connections on port 80 to IP address 10.0.0.7 on port 8080. Assuming my domain name is properly set up in DNS servers to point to my publicly available IP, my website is now available on the internet.
The restriction is that with most routers you are limited to one IP address and port that you can forward to per incoming port number. So if you want to use the standard ports on the public side of the NAT (pretty much a requirement for sites you want publicly available) all your web sites would have to be served from one machine, all your FTP sites from one machine (but not necessarily the same machine as your web sites), all your telnet sites from one machine, all your email servers, etc. But that’s not going to be a problem for most small users.
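The rule described above, “forward incoming port 80 to 10.0.0.7:8080”, can be emulated in user space to see what it does. The following Python is an added example, not code from the thread: a small TCP port forwarder plus a stand-in backend, using loopback and ephemeral ports instead of the real 80 and 8080 so it runs anywhere without privileges. A consumer router does the same job with kernel NAT rules rather than a relay process, and the one-target-per-incoming-port limitation the post mentions is visible in the single `target` the forwarder accepts:

```python
import socket
import threading

def pump(src, dst):
    """Copy bytes in one direction until the source closes, then half-close the other side
    so end-of-request and end-of-reply propagate through the relay."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def handle(client, target):
    """One forwarded connection: open the LAN-side leg and relay both directions."""
    upstream = socket.create_connection(target)
    back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
    back.start()
    pump(client, upstream)
    back.join()
    client.close()
    upstream.close()

def start_forwarder(listen_addr, target):
    """The router's job: listen on the 'public' side and relay each connection to target."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(listen_addr)
    srv.listen()

    def accept_loop():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:          # listening socket closed: shut down
                return
            threading.Thread(target=handle, args=(client, target), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv

def start_backend():
    """Stand-in for the web server on the LAN host (the 10.0.0.7:8080 role in the post):
    reads the request until the client half-closes, then answers with its first line."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen()

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                request = b""
                while chunk := conn.recv(4096):
                    request += chunk
                conn.sendall(b"HTTP/1.0 200 OK\r\n\r\nbackend saw: " + request.split(b"\r\n")[0])

    threading.Thread(target=serve, daemon=True).start()
    return srv

def fetch_through(forward_addr, request_line):
    """A client on the 'internet' side: connect to the forwarded port, send, read the reply."""
    with socket.create_connection(forward_addr, timeout=5) as c:
        c.sendall(request_line + b"\r\n\r\n")
        c.shutdown(socket.SHUT_WR)
        reply = b""
        while chunk := c.recv(4096):
            reply += chunk
    return reply

def demo():
    """Wire backend -> forwarder -> client on loopback and return the reply the client got."""
    backend = start_backend()
    forwarder = start_forwarder(("127.0.0.1", 0), backend.getsockname())
    try:
        return fetch_through(forwarder.getsockname(), b"GET / HTTP/1.0")
    finally:
        forwarder.close()
        backend.close()

if __name__ == "__main__":
    print(demo().decode())
```

The client never learns the backend's address; it only ever talks to the forwarder's listening socket, which is exactly why the earlier claim that outsiders cannot reach a machine behind NAT is wrong once such a rule is in place.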
RJKUgly: OK, I didn’t know that. Does it always require the ISP’s help, though? If it does my statement is still effectively correct, in that the ISP is unlikely to be co-operative without charging massive rates to the person running the website.
Bricker is correct, it doesn’t require any setup from the ISP at all, it’s a simple matter of configuration in your NAT router. Although as I stated, it’s easier to do if you have a static IP, which is controlled by your ISP and is usually more costly.
However, your point of the ISP charging more stands. Some do disallow (or charge more for) web, FTP, mail servers and the like because the assumption is people running these types of servers use more than the “normal” traffic. So it’s best to check with your ISP and see if your contract allows it.
If I could briefly hijack my own thread for a moment…
Since I have you guys in here, is there something significant about the IP address 192.168.1.47? I know it’s local and valid, but I’m almost positive that I heard that this indicated a specific situation. If you get a 169.254. (I can’t remember the rest) you know you have an APIPA assigned IP, I’m wondering what the .47 in the above example tells you.
I’m not aware of any special significance to the .47 as the last byte of the address.
In fact, I’m not aware of any significance of any particular value for either of the last two bytes in the standard private address ranges of 192.168.x.x or 10.0.x.x, except you can’t use zero for the last byte, and I think 255 as the last byte is reserved for broadcast.
In checking my spreadsheets for the IP addresses I manage for my customers, I don’t happen to have assigned .47 on any of those networks (I have assigned 48), but that is just coincidence, I haven’t avoided it deliberately. As far as I know there is nothing special about it.
And 169.254.x.x are auto-assigned, but by the device itself, and not by some outside agent such as a DHCP server. So if a network device comes online and is not configured for a specific IP address, and is not configured to request an address via DHCP, it may (if it has been programmed with the capability) automatically choose an address in the 169.254.x.x range. I don’t know if there is any rhyme or reason to how it chooses the last two bytes, or if it just picks two values that result in an address not already in use on the network.
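The classification questions in this exchange (is .47 special, what .0 and .255 mean, what 169.254.x.x signals, how a host picks a link-local address) can be answered with the standard library. The following Python is an added example, not code from the thread; it uses the `ipaddress` module for the classification and simulates the RFC 3927 selection rule, where the ARP conflict probe is stood in for by a set of addresses already in use:

```python
import ipaddress
import random

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")   # APIPA / RFC 3927
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def describe(addr_text, prefix_len=24):
    """Classify an IPv4 address and say what role it plays inside its subnet.
    prefix_len is the subnet size the address is used with (a /24 for a typical home LAN)."""
    addr = ipaddress.ip_address(addr_text)
    net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
    if addr in LINK_LOCAL:
        kind = "link-local (APIPA, self-assigned)"
    elif any(addr in n for n in RFC1918):
        kind = "private (RFC 1918)"
    elif addr.is_loopback:
        kind = "loopback"
    else:
        kind = "public or special-use"
    # Only the first and last addresses of the subnet are special; .47 is just a host.
    if addr == net.network_address:
        role = "network address (not usable for a host)"
    elif addr == net.broadcast_address:
        role = "broadcast address (not usable for a host)"
    else:
        role = "ordinary host address"
    return kind, role

def pick_link_local(in_use, rng, attempts=10):
    """Simulate how a host self-assigns an APIPA address (RFC 3927): draw at random from
    169.254.1.0 to 169.254.254.255 (the first and last /24 are reserved) and redraw while
    the ARP probe reports a conflict. The in_use set stands in for the probe here."""
    base = int(LINK_LOCAL.network_address)
    for _ in range(attempts):
        candidate = ipaddress.IPv4Address(base + rng.randrange(256, 65536 - 256))
        if candidate not in in_use:
            return candidate
    raise RuntimeError("no free link-local address found")

def demo_apipa(seed=7):
    """Pick once on an empty network, then again with that result marked in use so the
    first draw is rejected and the conflict path is exercised."""
    first = pick_link_local(set(), random.Random(seed))
    second = pick_link_local({first}, random.Random(seed))
    return first, second

if __name__ == "__main__":
    for a, plen in (("192.168.1.47", 24), ("192.168.1.0", 24), ("192.168.1.255", 24),
                    ("10.0.0.7", 8), ("169.254.12.34", 16)):
        print(a, describe(a, plen))
    print(demo_apipa())
```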
Sorry for what must seem like a really facile question, but doesn’t my IP address change every time I disconnect/reconnect with my ISP? (I have cable through Rogers. In Canada).
It can, but it usually doesn’t. Usually an ISP will give out the same IP to the customer until the lease period expires. The lease can be hours, days or months; after it expires the ISP assigns a new IP. Things can get a lot more complicated with MAC binding and the like, but it’s usually pretty straightforward.