[sllug-members]: mac address

[Walt Haas]

"brian Beck" <brian at planetbeck.com> wrote:

> on a discussion on another board, the subject of a isp knowing the mac
> address of computers behind a firewall came up, It was my understanding that
> the ISP can find out the mac address of computers behind a firewall/router,
> is it possible or am I misunderstanding the tcp/ip protocols?
> 
> I.E. a person uses a wireless card to access your wireless lan to lookup
> porn can the isp tell which computer did the lookup/protection from
> prosecution
> Brian

They shouldn't be able to find the MAC address if the firewall is
configured correctly.  That could be a big IF, given the current state
of network management.

Basically, to identify the individual computer, you need to convert
its IP address (which is quite possibly dynamically assigned through
a NAT table) to a MAC address.  The router has to do this with every
packet, so it stores the relevant information.

Routers also need to be managed, so most of them will respond to
management protocols such as SNMP, which allows a management console
to query the router state.  A properly configured router shouldn't
yield that kind of information to anyone except a properly
authenticated sysadmin.

The problem is that a lot of people take a piece of equipment like
a router or firewall out of the box and do the absolute minimum to
quickly get it running.  If the unit shipped with a configuration that
exposed the IP to MAC conversion information, then it's vulnerable.
If you work in an organization that is run like that, your MAC address
and almost anything else may be exposed to the world.

-- Walt
-------
Walt Haas          The Web Site Doctor - Cures Sick Web Sites
(801) 534-1262     http://thewebsitedoctor.net