PDA

View Full Version : MAC Address - Website Question.



Arthur
14-Jun-2012, 09:03
Is it possible to record the MAC address when a user accesses a website?

Anders Gustafsson
14-Jun-2012, 10:23
Arthur,
> Is it possible to record the MAC address when a user accesses a website?

Of the user? It depends. The firewall usually has no knowledge of the
user's MAC, unless you have a workstation helper to record it. That is
what ClientTrust does on BorderManager.

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
http://www.novell.com/rms

Arthur
14-Jun-2012, 10:53
Thanks for your fast response. It is not a work related website. It will be
hosted in a commercial datacentre and I was wondering about preventing users
from abusing the site. If someone creates an account and does not obey the
site rules then I could disable the account. But they could just create a
new account and do the same again.So I was thinking if I could gather the
MAC address when they access the site or create their account perhaps I
could prevent them from creating an second account.
Thanks for any suggestions.

"Anders Gustafsson" <AndersG@no-mx.forums.novell.com> wrote in message
news:VA.00004b5b.00b1bfc8@no-mx.forums.novell.com...
> Arthur,
>> Is it possible to record the MAC address when a user accesses a website?
>
> Of the user? It depends. The firewall usually has no knowledge of the
> user's MAC, unless you have a workstation helper to record it. That is
> what ClientTrust does on BorderManager.
>
> --
> Anders Gustafsson (NKP)
> The Aaland Islands (N60 E20)
>
> Have an idea for a product enhancement? Please visit:
> http://www.novell.com/rms
>

ab
14-Jun-2012, 11:55
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Not really, no. Watch a LAN trace of your packets as they move across
the Internet and you'll see that the MAC changes at every hope (router)
because while IP addresses (at layer three) are how we think of the
targets (if we do not think of DNS names at layer seven) the MAC
addresses are used to move data from one router to another (layer two)
and so the data are repackaged at every hope along the way. In other
words, if you block a MAC address at all it's going to be everything
from your router, and you will not like that. ;-)

Require users to authenticate to do anything and then block their
username, unless you go with something like what Anders mentions.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP2cMMAAoJEF+XTK08PnB5muAQAKc0fclaEa iB9GtB4IIjcTHe
G/RELHd64GId2L4jiWrBR5dFtxxx1NL2Ju0e1qQXEj5v1NYS1MsF ZnCDs2RW+gai
R2++LLYojbtYt8EFI6YA8BvzH1m6Ek32TllRqpLHGFtJXS1FWB mtu6QAPIcEVXV/
GEenknuqk2xgWTqMaAhvkQJH97MdmsZZKgFp0wUic9JEi817TE KvkGzYvEC6HHqM
t8SFdXkgk6ppxfQaP8INxiTMaFvDl4t6A+9ozFaFG517q3GH27 hY5uPt4HCVTg20
VvNsXeFgI1rs1R7Ubd5Y8eSByOWK4RTDtsuKr9lh8WeczIYWnl lq6PW6UHBbYLpn
MVMbKHksYW6yt7kaoUp5sZQuUmn7T62LkVpKRuXQcCAgp5PYtQ MHpUHbAWoQrM4/
Q1QZqXt79nnkbf5T5luysOAKfVHiuMp3wNiXeYa3MmZktmhuV2 zXpYQA8zL0lOKm
rLOENZIvKGp7YiLaT7rb0amqggNjdRbHOoX4fsNerkB2kH5lF2 LgUrf/vqUY2juO
G52aZrUs7T5GLdFLocigAMzIZC1rLeywaSbEU31XxF0C/4pRSTQCPmIeBSuyk6Mt
2qcNER1+Ako+jX4474P3QPDwv35hr7tKLuX8ItFYeqqYUic3wG eMBGVk66cdy6N3
3ZNPtSpPYoVWBmccSUMj
=oMsG
-----END PGP SIGNATURE-----

Bob Crandell
14-Jun-2012, 17:02
On Thu, 14 Jun 2012 10:55:09 +0000, ab wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Not really, no. Watch a LAN trace of your packets as they move across
> the Internet and you'll see that the MAC changes at every hope (router)
> because while IP addresses (at layer three) are how we think of the
> targets (if we do not think of DNS names at layer seven) the MAC
> addresses are used to move data from one router to another (layer two)
> and so the data are repackaged at every hope along the way. In other
> words, if you block a MAC address at all it's going to be everything
> from your router, and you will not like that. ;-)
>
> Require users to authenticate to do anything and then block their
> username, unless you go with something like what Anders mentions.
>
> Good luck.

So what you are saying? They hope to hop or they hop with hope?

kgroneman
14-Jun-2012, 17:04
If you have a system where it's required to have unique, validated
email addresses it isn't ideal, but it's better than relying on user
names. User names are a dime a dozen...er....a billion. Validated,
email addresses are somewhat harder to come up with. Block an email
address and it at least makes the user have to go find another valid
one.

IP addresses only work if they're static. Here in the forums when we
come across spammers we can block by userID, email address, IP address,
or domain (which we don't usually want to do for obvious reasons).

--
Kim - 6/14/2012 9:59:08 AM

ab
14-Jun-2012, 19:46
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yeah, um.... I have no idea how I typo'd that so consistently. Lame....

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP2jF5AAoJEF+XTK08PnB5IXUQAL88u7aJ2y axmxDc6bWIY/mA
cp9ixDhVdvkmC5K2wimOMK2KfdSWT5JKE5qfPjk3S/o2IieODli3jwAb4UPMPmcL
WAf0R3u7SJwhzspx1zHViXgwXUPofSn8BuJx95vFHGT/blEudxOPDUxKwZ62KO4o
tIFbDNlokiJoF7SImu+b9VXQfXDOc6GK6RDRv+M/cUZgVfCOhVJeeDZ9jTngrXMw
pubr36iBPUBdYbnqcmrovKi56+wX4SqpGw9p2PBK7GZQm3tmIt S1uNn8KIgB78Nj
AsjN1t/oIxI9AM0zXxhwyQOOaBPYR7b5QqLBOhFFlWvxaEQbYjd12y/GEpwonmOw
CTq7ykNTvbg0p85hmegMVlBSpOsgqPcDcUQBQpL/2ZBQoPf/AxwfNkWnGIh+tMfD
tnP3M1J2jOUp8n0PXoU3CHYWKSBtgjhNOX/QZ4GfpBMrIXP4vhRxMV6EwmIeAP1i
lfT1GrutFjxNToKUoeyqHWuddF8cBwy4Xi8U0HAMIAAIIVny1C n8/A3Z6RxpTd7o
WYsGvmly66VySy/XJKQuTrH5s1O6zCRvIdsmjB4AiR1n8el1kpPFMbSZ6za23km4
I+uj2FgwC8KlH14G+JFQYtRBbVNza2AiyHM43+lVyLEWVndz9r hpVZOSkBtQJRQE
SBnhAZrs0INGSHDNUrxG
=M2Ef
-----END PGP SIGNATURE-----

Simon Flood
15-Jun-2012, 10:58
On 14/06/2012 17:02, Bob Crandell wrote:

> So what you are saying? They hope to hop or they hop with hope?

He said a hip hop the hippie the hippie to the hip hip hop, a you dont
stop the rock it to the bang bang boogie say up jumped the boogie to the
rhythm of the boogie, the beat

http://www.youtube.com/watch?v=rKTUAESacQM

;-)
--
Simon
Novell/SUSE/NetIQ Knowledge Partner

------------------------------------------------------------------------
Do you work with Novell technologies at a university, college or school?
If so, your campus could benefit from joining the Novell Technology
Transfer Partner (TTP) program. See novell.com/ttp for more details.
------------------------------------------------------------------------

Bob
15-Jun-2012, 13:23
And THAT'S what it's all about.

On 6/15/2012 5:58 AM, Simon Flood wrote:
> On 14/06/2012 17:02, Bob Crandell wrote:
>
>> So what you are saying? They hope to hop or they hop with hope?
>
> He said a hip hop the hippie the hippie to the hip hip hop, a you dont
> stop the rock it to the bang bang boogie say up jumped the boogie to the
> rhythm of the boogie, the beat
>
> http://www.youtube.com/watch?v=rKTUAESacQM
>
> ;-)