Hi Frank,

I forgot to copy the list earlier so this will be a dup for you (sorry)...

Anyway, in your message you say "contradicting to Chris..." in reference to me saying that only the IP and MAC of the NAT router would be visible to the ISP.

I'd like to fill in my knowledge gap here. Can you please send a link (or explain) how the ISP could get the MAC of a device behind the NAT router?

I know that an ISP could theoretically detect that the router is a NAT via OS fingerprinting and such, but I was not aware that the MACs of the machines behind the NAT router could be determined in any way. Please explain.

Thanks,

Chris

----- Original Message -----
From: "Frank Gruellich" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, November 16, 2004 5:00 PM
Subject: Re: [LARTC] clone MAC address



Hello,

* Nicolas Patik <[EMAIL PROTECTED]> 16. Nov 04:
> No, I'm not talking about natting ... I'm talking about hiding my
> computers from my ISP.

Tell me, what's the difference. Can you give some technical description for this 'hiding' you are talking about?

> .. or .... are you telling me that the problem with my linux box is
> about bad firewall rules?

No. 'Firewall rules' are a matter of layer 3, MACs and their so called cloning belong to layer 2.

> Right now with my linux box doing NAT they can find that I have other
> computers connected.

Contradicting to Chris they can. But trust me, they won't. Finding hosts behind a NAT router is very difficult and involves the collection of huge amounts of traffic.[1] After all, it will not work for any OSs.

What exactly is your problem?  For this clone-MAC-feature search the
manpage of ifconfig for 'hardware address'.  It's not supported by all
NIC drivers, but for most.  Do you change your routers from time to
time?  DHCP servers cache MACs and may not offer a second IP number if
you had another interface connected some time ago.  They should flush the
cache after some days.  If they don't, call them and feign a story about
a new NIC you bought recently.

HTH,
regards, Frank.
===footnotes===
[1] Ascending TCP sequence numbers, not changed by NAT, you know?
--
Sigmentation fault
_______________________________________________
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/