Determining TCP/IP client access from MAC address



Ron
October 13th, 2002, 04:55 PM
MAC address spoofing is just a little harder, don't trust it too much. But if anyone knows how to retrieve the MAC address of an incoming connection, I'll see what I can do.

Ron
October 13th, 2002, 04:55 PM
I've been digging around a little too, and indeed it looks as if it is not possible to get the MAC address from the TCP/IP layer. Thus we need a lower-level driver. Now, these are available, but most of them can be found in the 'grey' area of the internet. They were written by the guys that also make exploits, and I'm not too comfortable with distributing that with Girder. If anyone thinks differently or knows more about this subject, don't hesitate to teach us all :wink:

Ron
October 13th, 2002, 04:55 PM
Thanks, I'll look at this function.

-Ron

bhoule
October 13th, 2002, 04:55 PM
In the settings for the TCP/IP server, there is a list of the IP address of allowed clients. If the remote computer uses DHCP, its IP address could change each time it boots.

Instead of only defining client access in terms of IP address, can we also allow clients according to their MAC address?

In addition to making it easier for it to work with DHCP, this also gives us another level of security because it is much harder to change your MAC address than your IP address.

bhoule
October 13th, 2002, 04:55 PM
I just looked around the web for info on this and it looks like you send an ARP packet to determine the MAC address. I don't know how hesitant you are to work with ARP packets in a TCP server, but this looks like the way to do it.

I originally thought it would be easier to do because when you use a packet sniffer you can see the MAC source and destination addresses. Now I realize that the packet sniffer gets the MAC address not from the TCP layer, but from another layer in the packet.

Here is the ARP chapter from a Microsoft book of TCP/IP protocols and services:
http://mspress.microsoft.com/prod/books/sampchap/2453.htm

[ This Message was edited by: bhoule on 2001-06-08 03:37 ]

bhoule
October 13th, 2002, 04:55 PM
I think GetIpNetTable may work! Here is the documentation: http://msdn.microsoft.com/library/psdk/rras/tcpip_84f9.htm

[ This Message was edited by: bhoule on 2001-06-10 20:09 ]

stringfellow
October 13th, 2002, 04:55 PM
Do not agree.

Try "arp -a" in your machine's cmd (or DOS) box.
You will see the IP address and the corresponding physical address. arp is a good starting point for this.

http://www.erg.abdn.ac.uk/users/gorry/course/inet-pages/arp.html

If you want, I can try to find/implement it.
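
The `arp -a` lookup suggested above, as an added example that is not part of the original thread or of the Girder plugin: it parses Windows-style `arp -a` output and checks a connecting peer's MAC against an allowlist, denying peers that have no ARP entry. The sample table, its addresses and all function names are constructed for illustration.

```python
import re

# Constructed sample of Windows `arp -a` output (all addresses are made up).
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.23          00-a0-c9-14-c8-29     dynamic
  192.168.1.40          00-A0-C9-14-C8-29     dynamic
  192.168.1.77          00-50-56-aa-bb-cc     static
"""

# One table row: IPv4 address, dash-separated MAC, entry type.
ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                 r"((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+(\w+)\s*$")

def normalize_mac(mac):
    """Canonical form: 12 lowercase hex digits, separators removed."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % mac)
    return digits

def parse_arp_table(text):
    """Return {ip: (mac, entry_type)}; header and interface lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            table[m.group(1)] = (normalize_mac(m.group(2)), m.group(3).lower())
    return table

def check_peer(peer_ip, arp_text, allowed_macs):
    """Return (allowed, reason) for a connecting peer's IP address."""
    table = parse_arp_table(arp_text)
    allowed = {normalize_mac(m) for m in allowed_macs}
    # A peer reached through a router never appears in the local ARP table,
    # so a missing entry is treated as a denial, not as "unknown, let it in".
    if peer_ip not in table:
        return False, "no ARP entry (off-link peer or expired cache)"
    mac = table[peer_ip][0]
    if mac not in allowed:
        return False, "MAC not in allowlist"
    # The same MAC answering for several IPs is worth flagging for review.
    sharers = sorted(ip for ip, entry in table.items()
                     if entry[0] == mac and ip != peer_ip)
    if sharers:
        return True, "allowed, but MAC also seen for " + ", ".join(sharers)
    return True, "allowed"
```

The ARP table only describes hosts on the same link, and its entries reflect whatever MAC the peer claimed, so this check narrows access by hardware address without authenticating the client.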

stringfellow
October 13th, 2002, 04:55 PM
Try to use
GetIpNetTable in Iphlpapi.h. (Library: Iphlpapi.lib)

But the requirements are:
Windows NT/2000: Requires Windows NT 4.0 SP4 or later.
Windows 95/98: Requires Windows 98.

JayGuerette
October 13th, 2002, 04:55 PM
I posted TCP/IP Server Plugin v2.0 beta 3.

This version lets you specify allowed hosts by their MAC address.

Available at:
http://www.guerette.net/girder/

habee
October 13th, 2002, 04:55 PM
Maybe this is of interest for you, I don't know how it works, but you probably should look at it:

http://download.microsoft.com/download/win2000platform/getmac/1.00.0.1/nt5/en-us/getmac_setup.exe

habee
October 13th, 2002, 04:55 PM
Another maybe useful tool, it's written in Perl and returns the MAC address and IP

http://www.eicndhcpd.ch/getmac.html

habee
October 13th, 2002, 04:55 PM
It's me again, but I've found so many interesting links when typing getmac into Google:

Here is the equivalent of getmac in scripting language:

http://www.win2000mag.com/Articles/Index.cfm?ArticleID=5139

It does actually only work on local adapters, but the author gives a hint how to use it with remote machines...