Stealing internet by changing MAC address
OK - I have a static IP - and I have been on the same provider for years - its a wired network (a cable goes directly to my network card) - and the cable is connected to a switch on a pole in the street (the pole is connected to another pole which also has a switch for several houses etc) - basically whole city is connected in this manner
Using wireshark about 4-5 months ago while filtering packets for dhcp - I could discover other users “mac addresses” (that were on the same network on the same ISP) - and simply by changing my mac address to one of theirs - I would be transfered on their bandwidth, and I would be assigned a new IP by the ISP for that mac address.
Now, after they reworked their network, even if I change the mac address I can’t gain access to internet, like before.
So:
Why was I able to get connected to other user’s mac addresses and surf the internet using their bandwidth?
And why I can’t do that now? What has the ISP done to prevent it?
NOTE: I am not looking here to learn how to steal the internet but I simply wonder what catastrophic vulnerability the ISP hasn’t noticed until very recently.
Thanks in advance for your answers.
It sounds as if there was a simple hub serving you and your neighbours. The fact that you could even see packets to and from your neighbours requires this. Hubs are notorious as security holes, and I am rather surprised your provider was using one. But there it is. Using a hub is the equivalent of being on a party line and trusting your neighbours not to rack up long distance calls on your account. Even replacing the hub with a basic switch will prevent you seeing any traffic bound for your neighbours. Any sort of managed switch will provide for per port MAC address filtering, and depending upon just how careful your provider is, arbitrary management of the routing of packets. Simply configuring the switch to only route packets destined to your IP address to your port will lock out any snarfing of bandwidth or packets. Having two machines with the same MAC address on a network at the same time will cause lots of chaos, essentially neither you nor your neighbour’s connection would be able to coexist with both of you doing stuff at the same time without significant degradation. It would not surprise me that that your provider noticed the symptoms of such problems (or got a complaint from a neighbour about issues) and upon doing a packet trace noticed the fingerprint of two machines with the same MAC address. Then they replaced the hub with a router. Or maybe they finally got around to replacing the hub anyway, since it is such a bad idea. (Powering the hub versus powering a switch/router may have been an issue in the past.)
In large companies or universities it is common to lock each and every port to a MAC address and IP number, and to drop any packets that have the wrong MAC address.