BAN by MAC Address?

[{GD}Odie3]

So I had a little problem with a player last night. I so I did my first Kick/BAN however this player was able to change his/her IP on the fly. Is there a way to BAN with an MAC address instead?

Thanks

 

[geogob]

Isn't there something like a UID for players in UT (like with Quake3) that you can ban?

Nowaday, IP ban is pretty futile.

If the machine is linux box, it would be easy to drop a specific MAC address. On windows, I don't know how.

 

[Hadmar]

How do you get the MAC in the first place? Does UT report it? AFAIK all you would get is the MAC of the last router in the line.

*edit* Some Windows NIC drivers allow you to edit the MAC. Dunno how one would do it if the driver dosn't let you do it.

 

[geogob]

How do you get the MAC in the first place? Does UT report it? AFAIK all you would get is the MAC of the last router in the line.

You need to find it out through packet sniffing eventhough you won't alway be able to retrived it. UT does not report the mac address as far as i know. It really has no use to that protocol layer which is used for UT. It's more complicated then that, but you'd need some skills and knowledge to ban someone with "other network informations than the IP".

*edit* Some Windows NIC drivers allow you to edit the MAC. Dunno how one would do it if the driver dosn't let you do it.

Yes but by the time the banned guys figures out is MAC (or something else than its IP) was banned, he will have changed servers anyway. It's not an usual way to ban someone.

 

[Cleeus[JgKdo]]

AFAIK there are no MAC adresses in the internet, MACs are Ethernet specific

 

[Freon]

Hadmar, an admin can always assign a MAC address, but only on a local network.

 

[geogob]

That's right, but it is sometimes (not always) possible to block a remote connection with other information than the IP, the MAC beeing one of them. Now if the MAC address is available or not, thats another problem. Often it is not. It depens on how the connection has been established, on the network topology, etc.

 

[{GD}Odie3]

So, it looks like Kick/Ban is of not use against players that change their IP.

You know a player that is Kick/Ban and has in place a way to change his IP (the way this player did) must be up to no good.

Also, last night we had two players log in with the same IP at the same time. How did that player do that? Perhaps, he was connect via DSL/Cable with a router?

 

[geogob]

Freon, no. Normally an admin cannot assign a MAC address. The MAC (media access control) is fixed in the network interface card's controller. But some cards allow you to change, as Hadamar points out, the MAC address from the factory settings.


EDIT... let me change that... should have said "normally an admin should not change the MAC address". It is normally possible to spoof the MAC with any decent NIC, but this MAC address are unique worldwide, you normally don't fool around with those.

 

[geogob]

Also, last night we had two players log in with the same IP at the same time. How did that player do that? Perhaps, he was connect via DSL/Cable with a router?

That could have been me. In fact that could have been anyone who has multiple computers behind a NAT router. Sometimes I do mini-lans at my place and we all go out on the internet, on the same servers. For the server point of view, we all have the same IP.

 

[yurch]

So, it looks like Kick/Ban is of not use against players that change their IP.

You can ban IP ranges.

 

[{GD}Odie3]

You can ban IP ranges.

Now that is and Idea! What is the proper syntax to do that? Also, can I edit the IP using the edit function in WebAdmin?

 

[geogob]

You can ban IP ranges.

ban 0.0.0.0/0

 

[Freon]

Freon, no. Normally an admin cannot assign a MAC address. The MAC (media access control) is fixed in the network interface card's controller. But some cards allow you to change, as Hadamar points out, the MAC address from the factory settings.

No, all cards are like that. There is a private and a public MAC address. On a private network, the admin can assign MAC addresses to each cards (they are smaller, 16 bits IIRC). But he has to avoid conflicts and all. On a public network, MAC addresses are fixed and use the one set by the manufacturer.

 

[geogob]

And how does your card tell the difference between a private and public network?


EDIT: I would like to make a small correction to my previous message... should have said "normally an admin should not change the MAC address".

EDIT of EDIT: another small precision... the original MAC is hardcoded in the firmware and cannot be changed. But the MAC used by the card can be changed, but it can always be reverted to the hard coded one. Perhaps that's what you meant by private/public address?

 

[{GD}Odie3]

No, all cards are like that. There is a private and a public MAC address. On a private network, the admin can assign MAC addresses to each cards (they are smaller, 16 bits IIRC). But he has to avoid conflicts and all. On a public network, MAC addresses are fixed and use the one set by the manufacturer.

and

And how does your card tell the difference between a private and public network?


EDIT: I would like to make a small correction to my previous message... should have said "normally an admin should not change the MAC address".

hmmm, Off Subject?

 

[geogob]

and




hmmm, Off Subject?

well, not really since we are discussing if it is possible and/or interesting to try to ban someone using thier MAC address. It isn't as easy as to say "yes" or "no"

 

[{GD}Odie3]

well, not really since we are discussing if it is possible and/or interesting to try to ban someone using thier MAC address. It isn't as easy as to say "yes" or "no"

I am just pulling ya'lls legs. You guys where starting down the road to a little MAC Address tiff it look like to me.

 

[Hadmar]

Seems like one could learn network stuff in 10 different schools and would learn something completely different every time.

geogob, just to make sure I understand it right. What I learned was that your MAC is used in the local network and isn't routed. If a packet is routed the MAC of your PC is replaced by the MAC of the router which is again replaced by the MAC of the next router and so on. The MAC the server 'sees' is the one of the router in the local network. How is it possible to use a packet sniffer to get the client PC's MAC (even if it's only sometimes possible)?

Freon, I never heared of a private MAC adress. How do you set something like that and/or could you provide a link to a good website about it?

PS
I'm pretty much against banning IP ranges. It's quite possible that you ban other people who happen to use the same provider, too.

 

[geogob]

Seems like one could learn network stuff in 10 different schools and would learn something completely different every time.

Thats what happens when everyone invents his own protocol and standard...

geogob, just to make sure I understand it right. What I learned was that your MAC is used in the local network and isn't routed. If a packet is routed the MAC of your PC is replaced by the MAC of the router which is again replaced by the MAC of the next router and so on. The MAC the server 'sees' is the one of the router in the local network. How is it possible to use a packet sniffer to get the client PC's MAC (even if it's only sometimes possible)?

It usually works as you discribes, thus making it impossible to use the MAC address at the destination. MAC address is really only used by the media access control (the media being the actual physical media... the copper thingny ) to manage the access of different devices to a same media. This is mostly usefull in repeated LAN architecture (with HUBs and repeater swtich) or old coax Ethernet network. Of course I'm only speaking of ethernet networks. MAC has a totally different importance in polled networks like with Token Ring... but that's totally off topic. Since the MAC is used at the lowest level and used for physical interactions, it isn't needed network-wise on the other side of the ethernet (because, obviously, the client and the server arn't on the same copper wire).

But in tcp/ip stack implementations, you can request that, during connection setup, the origin MAC address is present, for screening purposes/management purposes. Again this is much more complicated... there's a whole bunch of things you can do with Ethernet frames that ppl don't learn about normally. I used simlar functionnalities when I coded a network stack for the DOS. The final application needed to have an ip independant screening process. Since I wanted something unique and intimatelly dependent of the hardware, I opted for MAC address as an authentication process. And all i needed to do this was standard in modern TCP/IP/Ethernet stack implementation (notably winsock 2 which is, obviously, the mostly used).

The packed sniffing is need because, of course, you cannot recode the whole UT network engine to get one MAC by having it requesting origin MAC upon connection. But in linux, there are ways to force the network interface to request it all the time, thus making it possible to find the origin MAC using packed sniffing/inspecting.

Anyway, this isn't something normally used/seen by the normal user, but it's there. And i wouldn't recommand this ban technique (or any technique not done directly from the game server) to anyone not having a good understanding of the underlying code an the workings of the network stack. I can give bad headakes if something goes wrong.

Freon, I never heared of a private MAC adress. How do you set something like that and/or could you provide a link to a good website about it?

I think he was refering to the apparent address and the one hardcoded in the card chip that cannot be changed. Not so sure though.

PS
I'm pretty much against banning IP ranges. It's quite possible that you ban other people who happen to use the same provider, too.

as i said, ban 0.0.0.0/0 *winK*


EDIT: sorry ODIE, now this is real hijacking but i think you have your anwser now... don't count on MAC banning. and As you might have already found out, i'm also pretty much against range banning.