caddyjoe77
Aug 9 2003, 04:30 AM
Ok,
Here is my thought...a script running when the user is connecting, logging MAC addy. After a while big DB of MAC addys being built up with the MAC's to user names(or something similar). Bad troll hangs out on site too many times, just being a general PIA. Admin decides to ban him by MAC, thus preventing an ip change to allow access. Trying to read online though if a regular od dial up modem has a MAC...it would have to have some sort of unique id.
Anyway, building a vbscript turned into asp using WMI to find out the mac and log it.
Your thoughts??
dissolutions
Aug 9 2003, 05:31 PM
I'm sorry i haven't been around to help with the questions and I am still not around... lol but every modem has a mac address anything that talks to another computer has a mac address your printer has one everything.... your idea? well could you use PHP? may seem more logical...
caddyjoe77
Aug 10 2003, 01:51 AM
Thanks, I thought I was correct in thinking that. I knew the printers did as well.
You say PHP, what would be the advantages over PHP vs a small vb/asp script run when the user first enters the page??
Thanks
Joe
GSecur
Aug 10 2003, 02:12 PM
Hey joe, sorry I forgot to post this I got busy
and forgot
As for php vs ASP well on a windoes box you are most likely going to have to find a customized dll, I don't believe asp has the ability built in.
[orion]FTF
Aug 10 2003, 08:30 PM
umm... not really into php npr asp, but can you find a persons MAC address using a asp/php script?
'cause normally you would do it using an arp command... but since most ISPs don't allow arp's to be sent, i don't really know how to get a persons MAC address :-/
will a php/asp script do the trick ?
caddyjoe77
Aug 10 2003, 10:53 PM
well, using WMI(Windows Management Instrumentation) I dont see why not. WMI is how SMS works, and how Windows Update works as well. Thats how it knows what drivers and such you need(if it pulls any up for you). Also works using the remote registry service...
Just wondering if it was something that had been explored before??
caddyjoe77
Aug 10 2003, 10:55 PM
| QUOTE (GSecur @ Aug 10 2003, 10:12 AM) |
Hey joe, sorry I forgot to post this I got busy and forgot
As for php vs ASP well on a windoes box you are most likely going to have to find a customized dll, I don't believe asp has the ability built in. |
Hey, why am I the only one with a warn meter..lol??
ComSec
Aug 11 2003, 12:46 AM
lol...every member has one and can see his own...makes the page look sweet
archphase
Aug 11 2003, 01:13 AM
I see your point but first of all you can't just pickup a MAC address, i mean it's not in the HTTP Header. You can iniate a probe to pick it up though, so you could proably write a C program imitiating whatever GFI Languard Scanner does to pick it up and then use a system(); call from PHP w/ the ip as a paramater and have the output of the MAC stored in a variabele.
However what says that the user couldn't spoof his mac address which is much easier and more logical then TCP/IP. Also the user could just as easily hide behind a proxy and thus your circumvent the MAC Address checking just like the IP Checking. I think the best defense against these scans is to just block /24 on them cause if they're dialup they ain't coming back. Most boards employ this system, good thinking though.
caddyjoe77
Aug 11 2003, 03:57 AM
| QUOTE (archphase @ Aug 10 2003, 09:13 PM) |
I see your point but first of all you can't just pickup a MAC address, i mean it's not in the HTTP Header. You can iniate a probe to pick it up though, so you could proably write a C program imitiating whatever GFI Languard Scanner does to pick it up and then use a system(); call from PHP w/ the ip as a paramater and have the output of the MAC stored in a variabele.
However what says that the user couldn't spoof his mac address which is much easier and more logical then TCP/IP. Also the user could just as easily hide behind a proxy and thus your circumvent the MAC Address checking just like the IP Checking. I think the best defense against these scans is to just block /24 on them cause if they're dialup they ain't coming back. Most boards employ this system, good thinking though. |
Thank You for the info. I didnt think about that. This is mainly for a possible project that I want to start. The site is not that much of a big deal per se. Its just a forum, talking about golf stuff. I want to keep the integrity of what is there, they have a nice swapshop, and really good people(for the most part).
However, they have a growing problem in the chat room, and in the swap shop because the site is growing immensely.
Most of these people dont know a lick about anything except how to hit the reply button. Most have heard about disconnecting from there dial up session and getting a new IP, so I was wanting to prevent this without blocking out that same range of users with the cidr /24.<--Is that what you meant??
Thanks for the detailed reply and definitely gives something to think about. Not real good in C, but wanting to learn anyway. Any REAL good C sites off the top of your head?? OF course I can always use the google-o-matic method..lol
Not even sure if it would take off or not...but thanks for the information.
Joe
archphase
Aug 11 2003, 05:27 AM
alright cool, no problem and by /24 i did mean cidr :-)
dozolax
Dec 20 2003, 03:21 AM
good post
VorteX
Dec 23 2003, 11:28 PM
i don't think it would be much more efficient than blocking ip (-ranges), as a mac can also be spoofed or changed, though a bit more difficult then ips
Progressor
Dec 24 2003, 07:27 AM
Actually its very easy to change your MAC... go to this site:
http://www.klcconsulting.net/smac/default.htm?v=SMAC11
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
