Jump to content

[MISC] Renew IP address?


 Share

Recommended Posts

I'm guessing that filtering access by MAC address would be too labor-intensive for my ISP. It spans most metropolitan areas in a fairly large geographical area with potentially thousands of users. Much of the system is automated.

it's normal for MACs not to be filtered. only nosy little obscure internet providers do that.

the major carriers like earthlink and sbc could care less what your MAC is so long as you provide a valid id & password at login.

i imagine the cost of thousands of MAC-related technical support calls would cancel out -any- sort of benefits that MAC filtering might provide

Link to comment
Share on other sites


the major carriers like earthlink and sbc could care less what your MAC is so long as you provide a valid id & password at login.

So all that talk about multifactor security being a good thing is all wrong?

I will continue with my opinion regarding it.

Something you know and something you have will *always* be more secure than just using one part of the equation.

i imagine the cost of thousands of MAC-related technical support calls would cancel out -any- sort of benefits that MAC filtering might provide

Really? And why would that be?

I know of a company - TVCabo.pt - who has this implementation.

They provide service for thousands of users, and if it was something that would cause them any problem, it would have been removed by now.

I never thought this could end up being something bad for an ISP, but you must have your reasons.

I am interested on what you have to say about it.

Link to comment
Share on other sites

one man's security is another's annoyance.

i've never had an isp account hacked, and if it ever did happen, well i can afford the 13 bucks.

i now see the value of the filtering service, i had never thought of an end user seeing it as a plus, for some reason i was thinking it was beneficial for the ISP somehow.

i guess i've just never been too concerned about my isp accounts. i never use their associated email accounts and i use evil passwords. i figure that's good enough.

Link to comment
Share on other sites

I know this topic has drifted off-topic, but I'm wondering if we're all talking about the same thing...

I've never used DSL so I am not very familiar with it. I've always had cable internet, which may or may not have better resistance to external internet access hacking. This has nothing to do with the ISP provided email or other services. They have separate logins and can be accessed from anywhere, even if you're not on their network. This makes it easy to check email from out of town.

My guess is that with a cable modem, the modem itself has a MAC address which may be registered somewhere upstream. Mine uses standard DOCSIS 2.0 and was provided by my ISP. In this situation the PC or router behind the modem is not verified by MAC; it's not verified at all, which is why changing IP addresses is so easy for me.

If someone patches into the cable line in the yard the cable company can pretty easily detect it. I don't know exactly how, but I've heard of it happening with stolen cable television.

Anyway, what I'm trying to say and can't seem to easily put into words is simply this: The only reason I can see for an ISP to verify whether an internet connection is legitimate is to protect the bandwidth dedicated for paying customers. The only time I can see pirated bandwidth being an issue is if there are too many people sharing a fiber (in the case of my ISP). It is my understanding that bandwidth is audited time and again to see where there are bottlenecks. When they investigate a bottleneck they can check the runs connected to it for "leaks," then consider upgrading their equipment if there are no illegal taps.

Gouki, I'm interested in knowing what other considerations you have in mind on this issue, and why exactly you believe internet service should be locked down by PC or router MAC address, which can be easily changed.

Edited by 5eraph
Link to comment
Share on other sites

i've never had an isp account hacked, and if it ever did happen, well i can afford the 13 bucks.

i guess i've just never been too concerned about my isp accounts. i never use their associated email accounts and i use evil passwords. i figure that's good enough.

The problem here is not about the $13. First of all, I don't care how much my ISP charges monthly. My Internet access is mine, therefor, no one else should be able to use it.

Just because you don't use the webhosting space and the e-Mail account, doesn't mean that it's O.K to be hacked. Actually, that's the least of your problems.

If I had a homepage hosted with my ISP and by any chance I (not they) got hacked, reading the e-Mail's and looking at the files I had hosted was not something I was worried about. What would make me pretty afraid was using my account to watch pornography, pedophilia or even hack anyone else. Those are the real problems.

MAC filtering is something invisible for the human eye. If your ISP decided to enable it, you won't even notice, so, there would not be any work dependant on the home user.

I know this topic has drifted off-topic, but I'm wondering if we're all talking about the same thing...

Gouki, I'm interested in knowing what other considerations you have in mind on this issue, and why exactly you believe internet service should be locked down by PC or router MAC address, which can be easily changed.

Yep. It's really off-topic since the last posts. :blink:

Just because something can be hacked, doesn't mean it shouldn't be implemented.

I once read an article about wireless being more secure than wired. At first I was completely shocked by the author's title. As I read through the text I realized that he was making a good point.

Wireless has many problems, and most of them are security, or lack of, related. However, and because of that same problem (lack of security) people were so afraid that they would protect their network with all they got, making it sometimes allot more secure than wired, since that technology people have come so used to it, that most of the times they don't mind protecting it.

I know that MAC addresses can be easily spoofed, but why not use it? It's not that hard to implement at an ISP (contrary to what has been said around here) so it would just be an extra that could make things more secure. Even if it's just 1%.

Link to comment
Share on other sites

I once read an article about wireless being more secure than wired. At first I was completely shocked by the author's title. As I read through the text I realized that he was making a good point...

I see your point, Gouki, having set up a wireless network for a friend of mine not too long ago (WPA2-PSK only, nonbroadcast SSID, MAC filtered LAN and internet access). That's one reason why I ran CAT6 throughout my house; the other reason was for gigabit speeds, but that's not related to the argument here. I do have the option to limit LAN and internet access by MAC independently in my router, and I've played with it, but as often as I'm working on other people's machines I've found it to be too much of a hassle when transferring drivers and updates between machines that I haven't worked on before.

I feel secure not using those options in my LAN because someone would need physical access to my cables and hardware, which I'm not likely to provide to someone off the street. I have no wireless access, by choice. Outside the house is beyond my control, and I suppose I would feel safer... but there's nothing a hacker could access on my account without my username and password. Any modem they attach outside to a patched line should uniquely identify them, and should be remotely disabled by default if it hasn't been legitimately connected to the ISP before. I do like checking my email from anywhere, and I can update my ISP-provided webspace away from home as well. These are features that I use and appreciate.

I don't believe my ISP would get much of a security benefit by limiting access by MAC address when everything else it provides to customers can (and, perhaps, should) be accessable from anywhere on the net, wherever and whenever I want to. As long as they can monitor and audit the modems that are connected (as my ISP does with DOCSIS 2.0) there shouldn't be any problems.

I know that MAC addresses can be easily spoofed, but why [would an ISP] not use it?

I can't think of a good reason an ISP wouldn't. I can only tell you that I don't need it in my LAN. :)

Edited by 5eraph
Link to comment
Share on other sites

If your isp has mac filtering you're REQUIRED to spoof your ethernet card's MAC with your router

That's true unless the technician connected the modem directly to the router to start with. You can have your ISP change the associated MAC address with a phone call, however. Just tell them you got a new computer and give them the new MAC. Most people wouldn't know how to change a NIC's MAC; some can't be changed.

Edited by 5eraph
Link to comment
Share on other sites

I think we are missing the point here.

It's not the NIC MAC address who is on the ISP DB. It's the MAC address from the modem.

(if MAC Filtering was enabled on the ISP)

Link to comment
Share on other sites

It's not the NIC MAC address who is on the ISP DB. It's the MAC address from the modem.

With cable modems, that functionality is provided by the DOCSIS standard. With DSL modems (or DSL routers with integrated modems) that functionality should be enforced at the local DSLAM, if I understand it correctly.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.


×
×
  • Create New...