Re: Microsoft and MACs

["Eric M. Bennett" <ericb@pobox.com>]

Paul Rickard wrote:

>From:           	Nicholas Petreley <nicholas@petreley.com>
>
>> Has anyone explored why Microsoft would want to tie user data
>> to network MAC addresses?  Why would anyone want a MAC address
>> except to sniff or spoof network packets?
>
>	Because like fingerprints and social security numbers, the MAC
>address on every modern network card is unique. Unless someone switches
>NICs around or changes their computer, you can tell who they are by the
>MAC.

This is not correct.

Some NICs are reconfigurable.  For example, Apple Computer used to
distributed an unsupported program called "Apple LAN Utility" which could
be used to change the MAC address sent out by the machine on its ethernet
packets.

I used this feature when I was an undergraduate at Penn State.  The dorm
networks and routers there were reasonably secure... each ethernet jack
would only accept packets marked with a specific MAC address, and only
received packets destined for the MAC address associated with that jack.
The goal was to prevent packet sniffing.  But when there was a network
problem, you couldn't just plug in another computer to see if the port was
working, because the port was programmed to reject other MAC addresses.  So
I found Apple LAN Utility useful as a diagnostic because I could
reconfigure my Mac to look just like the machine that was having trouble
with the port, and I could test the port with my own computer.  Doing this
isolated the problem: a bad computer setup or card vs. a problem with the
wall jack.

I believe some other network card vendors have included this feature.  MAC
addresses cannot be considered to be secure.





--
Eric Bennett ( http://www.pobox.com/~ericb/ )
Department of Chemistry & Chemical Biology, Cornell University
377 Olin Chemistry Lab

A designer knows he has achieved perfection not when there is
nothing left to add, but when there is nothing left to take away.
-  Antoine de Saint-Exup'ery