FlexHub Forum

MAC Address Authentication Good or Bad

Offline MØ®®ØW‡ÑЙ

  • Certified Wooosher
  • *****
  • 26
MAC Address Authentication Good or Bad
« on: December 21, 2010, 22:16:46 »
Eradicating potentially client account hacking - using a bindip that on leased ip's will sometime cause the user not to be able to access the hub on their account as the ISP server has given a fresh leased ip under whatever circumstance - user/isp relationship (too many scenarios to go into how this happens) perhaps a register <user> to :local: Physical NIC (Network Interface Card) address commonly known as the MAC address could be set.

laptops nowadays have built in wi-fi which you will have 2 mac addresses one for the "Local area Connection" and another for your Wireless. Could we incorperate this instead of having to use passwords and/or and getting away from having to bind*.

Getting you MAC address is easy - press start>run>cmd
c:\ << depends mostly this on home machines
c:\ipconfig /all hit enter
various data appears
look for : Either

Ethernet adapter Local Area Connection:
Physical Address   : **-**--**-**-**-**


Wireless LAN adapter Wireless Network Connection:
Physical Address   : **-**--**-**-**-**

potentially have 2 seperate mac bindings per :localhost:

with options to add more to same nick if different machines used.

Offline FlipFlop™

  • FlexHub Developer
  • *****
  • 505
Re: MAC Address Authentication Good or Bad
« Reply #1 on: December 23, 2010, 19:14:17 »
As I understood after discussing this in several Flexhubs ;) it is highly unlikely that the hub will receive the original sender's MAC address, since it can change on every hop. It's mostly used for traffic between two endpoints without any intermediates: a LAN for example.

Even then a MAC address is still easy to spoof, way easier than spoofing an IP for example.

So MAC filtering/binding won't be included as an option in FlexHub.

A related feature already exist in ADC:
FlexHub will have the option (after beta) to bind an account to a certain CID. A CID is generated by the client based on the PID (a unique Personal IDentifier). The PID/CID combination is only known to the hub, and the hub checks if the CID is a proper hash of the user's PID. The PID is never shown to any other clients, only the CID is used for client-client-communication.

Security of this is just as weak as a MAC address would be though, a malicious hub can easily harvest PID/CID combinations. It would only require tricking someone in connecting to that malicious hub.

« Last Edit: December 23, 2010, 19:20:34 by FlipFlop™ »
Check the new FlexHubList!           Add awesome statistics like this for your hub!

This post is a natural product. The slight variations in spelling and grammar enhance its individual character and beauty and in no way are to be considered flaws or defects.