A way to extract MAC adresses associated with IPs of users entering a

hnr21 · 08 September, 2005, 06:22:48

Hi there!
I was wondering if anybody knows a way/plugin to extract MAC adresses associated with IPs of users entering a LUA5 DC hub and manage it by database.
Best regards !

blackwings · 08 September, 2005, 11:41:01

QuoteOriginally posted by hnr21
Hi there!
I was wondering if anybody knows a way/plugin to extract MAC adresses associated with IPs of users entering a LUA5 DC hub and manage it by database.
Best regards !

its possible to make one I think, but you will not have any use of it, because I guess you wanted it for more
permenent way to ban people right? The problem is that you will either ban on of your ISP or
his ISP routers MAC = you will ban loads of people. And maybe you even ban your own routers MAC

bastya_elvtars · 08 September, 2005, 12:00:06

MAC addresses can not be resolved over routers, you can never know them unless you are on the same LAN. This is just impossible.

hnr21 · 09 September, 2005, 09:34:52

Thanx for replies!
Thats why i mention that such option will be used in a LAN w/o access to internet (well not in this thread notably but in IPdbBOT for example).

In this LAN only the server has a public IP and all its users go in internet with that one IP.
The authorisation required by server in order to use internet services is made by IP associated with its respective MAC.

So i wanted that the users which are not paying a small fee for internet services and wanting just the local services to be precisely defined when entering this hub (by means of user & pass, associated with IP and MAC for "trying" to detect spoofing) .

Looking forward to some ideas,
R.

hnr21 · 09 September, 2005, 09:43:22

Ohhh... and this LAN has only one subnet (if that might be another issue to be aware of).
And perhaps the LUA 5 script used in hub to be able to check/crosscheck an external database (located on the same computer that hosts the PX hub, but different than LAN's internet gateway) and whenever changes come to this external database to automatically made the corrections in its own DB.

bastya_elvtars · 09 September, 2005, 09:54:45

The only problem is that the MAC is on a lower level than PtokaX. The only thing you can do is define custom rulesets for users that will not be allowed to use internet services, and maybe consider running some authenticated network access via SSH. We can discuss this on some IM later, because I am building such firewalls, too.

I am, however, afraid that the only possible solution to filter by MAC is to establish a filtering bridge between the clients and the router, and to use an overkill ruleset.

hnr21 · 09 September, 2005, 11:45:24

Ok... when i first asked about this i was think of a way/script/plugin similar to Clever, for example, to be able to execute some DOS commands, in our case perhaps a ping followed by arp -a.

So .. when a user is entering the hub PX getting its IP to use the plugin to do a ping [local_IP] and then arp -a [local_IP] to extract the MAC and use it to manage its database.

Still .. i'm afraid that this will lag the hub too much....
Perhaps other alternative ways...

plop · 10 September, 2005, 00:47:25

spoofing a mac addy is actualy easier then spoofing a IP.
check your network card driver options.
0 on the mac addy means hardware default.

plop

Corayzon · 10 September, 2005, 07:45:20

Yea Plop, but its just the same as ip address's on a local network.

What u need is to setup mac filtering with static ip address's on ur local router so users arnt able to change mac address's unless they know another allowed one. And then ur able to control who has access to the internet and allmost be assured noone will change mac address's. (unless they know a mac address they can change to)

QuoteOriginally posted by hnr21
Ok... when i first asked about this i was think of a way/script/plugin similar to Clever, for example, to be able to execute some DOS commands, in our case perhaps a ping followed by arp -a.

So .. when a user is entering the hub PX getting its IP to use the plugin to do a ping [local_IP] and then arp -a [local_IP] to extract the MAC and use it to manage its database.

Still .. i'm afraid that this will lag the hub too much....
Perhaps other alternative ways...

This would work well in ptokax, but ptokax doesnt make new threads for os.execute calls. Meaning the program thread is held until the call is returned =[

U can solve this by having another app, that ptokax parses data to, and have it doing the work and then parse the data backto ptokax. This is rather complex and requires alot of io calls though

bastya_elvtars · 10 September, 2005, 17:42:36

Actually, i have already contacted this guy in PM and there is a solution.

bluebear · 11 September, 2005, 10:33:43

QuoteOriginally posted by hnr21
Hi there!
I was wondering if anybody knows a way/plugin to extract MAC adresses associated with IPs of users entering a LUA5 DC hub and manage it by database.
Best regards !

In advanced TCP/IP settings you can tell windows to filter IP/mac addresses. The right combination of filters and you got what you want.

But as bastya said, mac addresses can not be routed, so if its a internet user, you will always get the mac address of the last router who handled the package.

PtokaX forum

News:

A way to extract MAC adresses associated with IPs of users entering a

hnr21

blackwings

bastya_elvtars

hnr21

hnr21

bastya_elvtars

hnr21

plop

Corayzon

bastya_elvtars

bluebear