petkoa
1005 pts. | Jul 27 2007 8:04AM GMT
Hi, DonBlake
Like Bob, I don’t think YOU can protect your MAC against spoofing. And, in fact, I think it isn’t your job.
Your ISP can do this by implementing PPPoE (outdated, I believe) or 802.1x (expensive) authentication and thus stop relying on MACs for verifying who is who. Another perspective is that eventually, DHCP authentication (RFC 2485, and recently IETF draft-pruss-dhcp-auth-dsl-01) will be accepted and implemented - but I’d underscore again - it is the ISP's responsibility to use these options.
BR,
Petko
Mrdenny
46735 pts. | Dec 7 2007 11:56PM GMT
I agree with the other posters. There isn’t any way to protect your MAC address. For said hacker to appear to be coming from your machine they would need to be physically local to you, probably one of your neighbors (or their kids).
If your PC was connected directly to the cable modem it would be entirely possible that someone had simply hacked into your PC while you were online and was using your computer without your knowledge to serve movies on the internet. Did you leave your PC on while you were at work? The reason that I bring this up would be that for them to be using your IP address while at the same time you are using your IP address they would need to be using your internet connection.
Papp
310 pts. | Dec 9 2007 1:49PM GMT
Cheers to the comments above. All good answers based on the information given. Unfortunately a fragment that is missing I feel is the information coming from the ISP. You're not likely to get it without going to trial. Cable technology being one of the hardest technologies to secure due to the push to keep it affordable means that in all likelihood the “perp” is in your main branch.
Spoofing ARP is nothing new. This introduces the evolution of national threat by perps moving to hardened groups. Something I have a hard time convincing the most ardent, tried and true network engineers of is cross-branch seeders. This can and does happen in all current network topologies based on end-point compromises. The end of the 90s has seen the change in strategic progression away from outside in penetrations to clientside outbound requests (zombies and bots). P2P threw a flame on this fire making it the prime choice of zero-day hack groups. This thread could go on forever (and probably will).
Allow me to get to the point, things you do online increase the “probability” you could be standing on a ferrite hill in a lightning storm. Linux, Windows XP, and other operating choices determine your options. Linux and XP do not use “protected memory” technologies. To get to that level you need to move to “a large cat” (tiger, leopard), or FreeBSD (which leopard is based on) or Solaris10. This is likely to meet opposition from your ISP but will move you to beyond the current ISP traces working in reloc and memloc in the unix derivatives. The plethora of tasties and fun things on the internet typically bait ppl back into the sheep pen. To which, your options are limited by the resources it takes to harden perimeters and end-points. Which brings us to the conclusion, is your ISP concerned about social justice and personal responsibility? or is it a public company legally bound to turn a profit?
Ysrd
430 pts. | May 25 2008 2:51AM GMT
Hi,
Yes all good answers but they fall into one set of answers, that the story as told is the complete story.
The ISP states that the IP and MAC at that time was this man's system. And he states he is on a cable modem.
Now unless he shut his modem off every day when he went to work then no-one was able to spoof his MAC because it was connected. Unless someone disconnected the modem and then reconnected it when he was done the connection to the ISP would have sent all of the traffic to his system and not the spoofed one. ARP spoofing is possible but it has to be done before the systems are connected. If his modem is on (and it’s the modem's connection that has to be spoofed) that connection is already created.
If the modem was shut off then restarted this may not have been a deliberate attack (look up the counterfeit Cisco router problem) as the other guy may actually have the same MAC address as his.
If the system was not shut off then this is another story.
In this scenario the story has to include the possibility that the file was served up by that computer.
Now this does not mean the man did it. Obviously he didn’t because he was at work. But there are two ways this could happen. He mentions adding his daughter's laptop with wifi. Before he added her (assuming in only a year she graduated from using his computer to her own laptop she is teen age or so) she used his computer. And well he wasn’t home but she may have been or her boyfriend or girlfriends were.
The other possibility is that his system was compromised and someone put the files there for others to get. (He would not be the first to have this happen.)
So start close to home, make sure you have all the precautions in place, firewalls, AV and the like and some type of IDS.
Apart from that, talk to your kids, make them aware of the issues and how to be safe on the net and what to and not to do.
Hope this helps.
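
The "some type of IDS" advice above can be made concrete for a home LAN. The following is an added example, not part of any post in this thread: a small arpwatch-style check that flags unknown stations and IP-to-MAC binding changes. The function name, the known-device list and all addresses are constructed for illustration.

```python
# Constructed sample observations (timestamp, IP, MAC), as a LAN sensor
# might record them from ARP replies. All addresses are made up.
SAMPLE_OBSERVATIONS = [
    ("2008-05-24T08:00:01", "192.168.1.10", "00:11:22:33:44:55"),  # desktop
    ("2008-05-24T08:00:05", "192.168.1.1",  "00:aa:bb:cc:dd:01"),  # gateway
    ("2008-05-24T09:12:40", "192.168.1.23", "00:de:ad:be:ef:02"),  # unknown device
    ("2008-05-24T10:30:00", "192.168.1.1",  "00:de:ad:be:ef:02"),  # gateway IP, other MAC
    ("2008-05-24T10:30:02", "192.168.1.1",  "00:aa:bb:cc:dd:01"),  # original MAC again
    ("2008-05-24T10:30:04", "192.168.1.1",  "00:DE:AD:BE:EF:02"),  # and back (upper case)
]

# Devices the owner has inventoried (hypothetical list).
KNOWN_MACS = {"00:11:22:33:44:55", "00:aa:bb:cc:dd:01"}


def scan(observations, known_macs):
    """Return alerts as (timestamp, kind, ip, mac) tuples.

    kind is one of:
      new-station  MAC never seen and not in the inventory
      changed      an IP is now answered by a different MAC
      flip-flop    an IP switched back to the MAC it had just before
    """
    seen = {m.lower() for m in known_macs}
    current = {}    # ip -> MAC seen most recently
    previous = {}   # ip -> MAC seen before the current one
    alerts = []
    for ts, ip, mac in observations:
        mac = mac.lower()                      # compare case-insensitively
        if mac not in seen:
            alerts.append((ts, "new-station", ip, mac))
            seen.add(mac)
        old = current.get(ip)
        if old is not None and old != mac:
            kind = "flip-flop" if previous.get(ip) == mac else "changed"
            alerts.append((ts, kind, ip, mac))
        if old != mac:
            previous[ip] = old
            current[ip] = mac
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_OBSERVATIONS, KNOWN_MACS):
        print(*alert)
```

This only covers the LAN behind the modem; what the ISP sees on the cable segment is outside its view.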






