Jump to content

Tracking ip addresses..........

Slashley

By Slashley
in Technical Help Forum

 Share

Recommended Posts

Slashley Member

Slashley

Posted
  • Author
Posted

Been getting several of these alerts each time I log on but this is the current type of thing.

 

HTTP MS IIS NTLM ANS1 B0.

 

Ip. add: 80.42.72.66.

 

Network: UK-TELINCO-20011123.

 

Sent from: San Jose, Ca, USA.

 

Node name: 80-42-72-66.dynamic.dsl???

Link to comment
Share on other sites
  • Replies 50
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Jim Roper Member

Jim Roper

Posted
Posted
MAC addresses can be changed, its not all that hard to do either

So what are the consequences, if any, of choosing a MAC address that someone else is already using?

https://www.harbourbridgelakes.com/


Pisces mortui solum cum flumine natant

You get more bites on Anglers Net

 

 

Link to comment
Share on other sites
corydoras Member

corydoras

Posted
Posted
There are also other things such as your motherboard ID or serial number, which in some cases can be transmitted over a network

Would you like to explain to us all what kind of UDP or TCP packet one might find ones motherboards serial number in?

 

So what are the consequences, if any, of choosing a MAC address that someone else is already using?

Duplicate MAC addresses on the same LAN: Wont work.

Duplicate MAC addresses on different sides of a BRIDGE: Wont work.

Duplicate MAC addresses on the internet, probably would not make any difference at all.

The problem isn't what people don't know, it's what they know that just ain't so.
Vaut mieux ne rien dire et passer pour un con que de parler et prouver que t'en est un!
Mi, ch’fais toudis à m’mote

Link to comment
Share on other sites
Newt Member

Newt

Posted
Posted
I know there was a batch of network cards that were produced with the same MAC address, but all the rest have different ones, I believe, and they can't be changed as far as I know.

 

Can't be changed - possibly but no need to go to that much trouble. Simply spoof the address that shows to the outside world.

 

http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp

 

http://www.klcconsulting.net/change_mac_w2k.htm

 

or google for "spoof mac address" and many of the 445K hits will offer how-to ideas.

" My choices in life were either to be a piano player in a whore house or a politician. And to tell the truth, there's hardly any difference!" - Harry Truman, 33rd US President

Link to comment
Share on other sites
corydoras Member

corydoras

Posted
Posted (edited)
Can't be changed - possibly but no need to go to that much trouble. Simply spoof the address that shows to the outside world.

 

http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp

 

http://www.klcconsulting.net/change_mac_w2k.htm

 

or google for "spoof mac address" and many of the 445K hits will offer how-to ideas.

MAC addresses for most Ethernet cards can be changed, no special knowledge or software tools needed.

 

On my own PC I need to:-

Right Click on My Computer, select properties

click on the Hardware tab, click on device manager, open the Network adapters folder, right click on network card

select properties, click on advanced tab, click on 'Locally Administered Address, select the value radio button, type in your 'soft' MAC address, click ok, job done.

 

IPCONFIG before the change:

Connection-specific DNS Suffix  . :Description . . . . . . . . . . . : Compaq NC3120 Fast Ethernet NICPhysical Address. . . . . . . . . : 00-50-8B-6C-D4-B4Dhcp Enabled. . . . . . . . . . . : YesAutoconfiguration Enabled . . . . : YesIP Address. . . . . . . . . . . . : 10.10.10.3Subnet Mask . . . . . . . . . . . : 255.255.255.248Default Gateway . . . . . . . . . : 10.10.10.1DHCP Server . . . . . . . . . . . : 10.10.10.1Lease Obtained. . . . . . . . . . : 07 March 2006 16:28:44Lease Expires . . . . . . . . . . : 07 March 2006 18:28:44

 

and after

 

Description . . . . . . . . . . . : Compaq NC3120 Fast Ethernet NICPhysical Address. . . . . . . . . : 00-50-8B-6C-D4-B5Dhcp Enabled. . . . . . . . . . . : YesAutoconfiguration Enabled . . . . : YesIP Address. . . . . . . . . . . . : 10.8.10.17Subnet Mask . . . . . . . . . . . : 255.255.0.0Default Gateway . . . . . . . . . : 10.8.0.1DHCP Server . . . . . . . . . . . : 10.8.0.100Lease Obtained. . . . . . . . . . : 07 March 2006 16:30:34Lease Expires . . . . . . . . . . : 08 March 2006 16:30:34

Note that the MAC address has changed and that the my DHCP server has given me a new IP address because it thinks I have a different network card.

 

NB Don't try this if you have a cable modem or you might find that you cannot get on line for a couple of hours after you change your MAC address.

 

This is a mix of numbers and letters that are assigned to your network card, or your ADSL modem, or any device that communicates on a network.

Actually it is a number, its just that it is written in hexadecimal.

Edited by corydoras

The problem isn't what people don't know, it's what they know that just ain't so.
Vaut mieux ne rien dire et passer pour un con que de parler et prouver que t'en est un!
Mi, ch’fais toudis à m’mote

Link to comment
Share on other sites
Steve Walker Member

Steve Walker

Posted
Posted
Actually it is a number, its just that it is written in hexadecimal.

 

Number? If we're being pedantic about it, pseudo-random sequence of 48 bits, surely? It's usually encoded as six 8 bit hex numbers but as far as I can see there's no reason 00-50-8B-6C-D4-B4 couldn't be written 0.80.139.108.212.180 or as AFCLbNS0 or as 000000000101000010001011011011001101010010110100 or whatever.

 

It's only a number if you do maths with it, in my book... :)

Link to comment
Share on other sites
Newt Member

Newt

Posted
Posted

Not really random.

 

00-50-8B means it is a Compaq device of some sort..

 

Mine is 00-D0-59-xx-xx-xx so since I haven't messed around with it, you know my NIC is from AMBIT MICROSYSTEMS CORP in Tiwan. IBM branded the laptop (a Thinkpad) but obviously outsourced the NIC offshore.

" My choices in life were either to be a piano player in a whore house or a politician. And to tell the truth, there's hardly any difference!" - Harry Truman, 33rd US President

Link to comment
Share on other sites
corydoras Member

corydoras

Posted
Posted
Number? If we're being pedantic about it, pseudo-random sequence of 48 bits, surely? It's usually encoded as six 8 bit hex numbers but as far as I can see there's no reason 00-50-8B-6C-D4-B4 couldn't be written 0.80.139.108.212.180 or as AFCLbNS0 or as 000000000101000010001011011011001101010010110100 or whatever.

 

It's only a number if you do maths with it, in my book... :)

There is nothing random, pseudo or otherwise about a MAC address. Ther first three octets represent something called the Organizationally Unique Identifier (OUI). These are assigned by the Institute of Electrical and Electronics Engineers (IEEE) to manufacturers of networking devices. The second set of three octets can be used by the manufactureres as they see fit, but bearing in mind uniqueness.

 

It is true that the 48 bit number could be represented in many different ways, but that does not change the fact that it is a number. You might not be doing any math on it but the firmware in any bridge or router that your NIC is connected to will be doing mathematical and logical operations on it.

 

Luckily for us the original designers of Ethernet chose a 48 bit address space as this 2^48 or 281,474,976,710,656 MAC addresses to play with. MAthematics are everywhere!

The problem isn't what people don't know, it's what they know that just ain't so.
Vaut mieux ne rien dire et passer pour un con que de parler et prouver que t'en est un!
Mi, ch’fais toudis à m’mote

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We and our partners use cookies on our website to give you the most relevant experience by remembering your preferences, repeat visits and to show you personalised advertisements. By clicking “I Agree”, you consent to the use of ALL the cookies. However, you may visit Cookie Settings to provide a controlled consent.

  I accept