ophiel Posted May 9, 2006 Posted May 9, 2006 I'm guessing that filtering access by MAC address would be too labor-intensive for my ISP. It spans most metropolitan areas in a fairly large geographical area with potentially thousands of users. Much of the system is automated.it's normal for MACs not to be filtered. only nosy little obscure internet providers do that.the major carriers like earthlink and sbc could care less what your MAC is so long as you provide a valid id & password at login.i imagine the cost of thousands of MAC-related technical support calls would cancel out -any- sort of benefits that MAC filtering might provide
Gouki Posted May 9, 2006 Posted May 9, 2006 the major carriers like earthlink and sbc could care less what your MAC is so long as you provide a valid id & password at login.So all that talk about multifactor security being a good thing is all wrong? I will continue with my opinion regarding it. Something you know and something you have will *always* be more secure than just using one part of the equation. i imagine the cost of thousands of MAC-related technical support calls would cancel out -any- sort of benefits that MAC filtering might provideReally? And why would that be? I know of a company - TVCabo.pt - who has this implementation. They provide service for thousands of users, and if it was something that would cause them any problem, it would have been removed by now. I never thought this could end up being something bad for an ISP, but you must have your reasons.I am interested on what you have to say about it.
ophiel Posted May 9, 2006 Posted May 9, 2006 one man's security is another's annoyance.i've never had an isp account hacked, and if it ever did happen, well i can afford the 13 bucks.i now see the value of the filtering service, i had never thought of an end user seeing it as a plus, for some reason i was thinking it was beneficial for the ISP somehow.i guess i've just never been too concerned about my isp accounts. i never use their associated email accounts and i use evil passwords. i figure that's good enough.
Guest Posted May 9, 2006 Posted May 9, 2006 (edited) I know this topic has drifted off-topic, but I'm wondering if we're all talking about the same thing...I've never used DSL so I am not very familiar with it. I've always had cable internet, which may or may not have better resistance to external internet access hacking. This has nothing to do with the ISP provided email or other services. They have separate logins and can be accessed from anywhere, even if you're not on their network. This makes it easy to check email from out of town.My guess is that with a cable modem, the modem itself has a MAC address which may be registered somewhere upstream. Mine uses standard DOCSIS 2.0 and was provided by my ISP. In this situation the PC or router behind the modem is not verified by MAC; it's not verified at all, which is why changing IP addresses is so easy for me.If someone patches into the cable line in the yard the cable company can pretty easily detect it. I don't know exactly how, but I've heard of it happening with stolen cable television.Anyway, what I'm trying to say and can't seem to easily put into words is simply this: The only reason I can see for an ISP to verify whether an internet connection is legitimate is to protect the bandwidth dedicated for paying customers. The only time I can see pirated bandwidth being an issue is if there are too many people sharing a fiber (in the case of my ISP). It is my understanding that bandwidth is audited time and again to see where there are bottlenecks. When they investigate a bottleneck they can check the runs connected to it for "leaks," then consider upgrading their equipment if there are no illegal taps.Gouki, I'm interested in knowing what other considerations you have in mind on this issue, and why exactly you believe internet service should be locked down by PC or router MAC address, which can be easily changed. Edited May 9, 2006 by 5eraph
Gouki Posted May 9, 2006 Posted May 9, 2006 i've never had an isp account hacked, and if it ever did happen, well i can afford the 13 bucks.i guess i've just never been too concerned about my isp accounts. i never use their associated email accounts and i use evil passwords. i figure that's good enough.The problem here is not about the $13. First of all, I don't care how much my ISP charges monthly. My Internet access is mine, therefor, no one else should be able to use it.Just because you don't use the webhosting space and the e-Mail account, doesn't mean that it's O.K to be hacked. Actually, that's the least of your problems.If I had a homepage hosted with my ISP and by any chance I (not they) got hacked, reading the e-Mail's and looking at the files I had hosted was not something I was worried about. What would make me pretty afraid was using my account to watch pornography, pedophilia or even hack anyone else. Those are the real problems.MAC filtering is something invisible for the human eye. If your ISP decided to enable it, you won't even notice, so, there would not be any work dependant on the home user.I know this topic has drifted off-topic, but I'm wondering if we're all talking about the same thing...Gouki, I'm interested in knowing what other considerations you have in mind on this issue, and why exactly you believe internet service should be locked down by PC or router MAC address, which can be easily changed.Yep. It's really off-topic since the last posts. Just because something can be hacked, doesn't mean it shouldn't be implemented.I once read an article about wireless being more secure than wired. At first I was completely shocked by the author's title. As I read through the text I realized that he was making a good point.Wireless has many problems, and most of them are security, or lack of, related. However, and because of that same problem (lack of security) people were so afraid that they would protect their network with all they got, making it sometimes allot more secure than wired, since that technology people have come so used to it, that most of the times they don't mind protecting it.I know that MAC addresses can be easily spoofed, but why not use it? It's not that hard to implement at an ISP (contrary to what has been said around here) so it would just be an extra that could make things more secure. Even if it's just 1%.
Guest Posted May 10, 2006 Posted May 10, 2006 (edited) I once read an article about wireless being more secure than wired. At first I was completely shocked by the author's title. As I read through the text I realized that he was making a good point...I see your point, Gouki, having set up a wireless network for a friend of mine not too long ago (WPA2-PSK only, nonbroadcast SSID, MAC filtered LAN and internet access). That's one reason why I ran CAT6 throughout my house; the other reason was for gigabit speeds, but that's not related to the argument here. I do have the option to limit LAN and internet access by MAC independently in my router, and I've played with it, but as often as I'm working on other people's machines I've found it to be too much of a hassle when transferring drivers and updates between machines that I haven't worked on before.I feel secure not using those options in my LAN because someone would need physical access to my cables and hardware, which I'm not likely to provide to someone off the street. I have no wireless access, by choice. Outside the house is beyond my control, and I suppose I would feel safer... but there's nothing a hacker could access on my account without my username and password. Any modem they attach outside to a patched line should uniquely identify them, and should be remotely disabled by default if it hasn't been legitimately connected to the ISP before. I do like checking my email from anywhere, and I can update my ISP-provided webspace away from home as well. These are features that I use and appreciate.I don't believe my ISP would get much of a security benefit by limiting access by MAC address when everything else it provides to customers can (and, perhaps, should) be accessable from anywhere on the net, wherever and whenever I want to. As long as they can monitor and audit the modems that are connected (as my ISP does with DOCSIS 2.0) there shouldn't be any problems.I know that MAC addresses can be easily spoofed, but why [would an ISP] not use it?I can't think of a good reason an ISP wouldn't. I can only tell you that I don't need it in my LAN. Edited May 10, 2006 by 5eraph
ophiel Posted May 10, 2006 Posted May 10, 2006 easily spoofed?if your isp has mac filtering you're REQUIRED to spoof your ethernet card's MAC with your router
Guest Posted May 10, 2006 Posted May 10, 2006 (edited) If your isp has mac filtering you're REQUIRED to spoof your ethernet card's MAC with your routerThat's true unless the technician connected the modem directly to the router to start with. You can have your ISP change the associated MAC address with a phone call, however. Just tell them you got a new computer and give them the new MAC. Most people wouldn't know how to change a NIC's MAC; some can't be changed. Edited May 10, 2006 by 5eraph
Gouki Posted May 10, 2006 Posted May 10, 2006 I think we are missing the point here. It's not the NIC MAC address who is on the ISP DB. It's the MAC address from the modem.(if MAC Filtering was enabled on the ISP)
Guest Posted May 11, 2006 Posted May 11, 2006 It's not the NIC MAC address who is on the ISP DB. It's the MAC address from the modem.With cable modems, that functionality is provided by the DOCSIS standard. With DSL modems (or DSL routers with integrated modems) that functionality should be enforced at the local DSLAM, if I understand it correctly.
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now