MAC address

[viostout]

Hello, I just registered. What people find out about my location/my PC has always bothered me, I was surprised for the 1st time when a website showed my PC model to me. Not like I do anything ileagal in the web ,just curious what info people can actually retrieve about me.
So Shall I start with the questions?:
1. So websites can find out my ip as well as my proxy ip and my city?
2. Websites can find out my PC model as well as my PC's resolution? (btw, any way to hide this?)
3. Websites can find out other websites I visit before them?
4. Is a MAC address available for ANY device? So people can find out that too? Why is there an IP address then?
Thats all I could remember fro now. Thank you for reading

[clanmills]

When you connect on the internet, you always reveal your IP address - that's how the system works. You can obtain the physical address of the 'owner' of the IP address and this is usually the address of your ISP.

When you connect your browser to any web site, you always send 'headers' which provide additional information. In particular it provides your 'UserAgent' which is typically your browser type and version.

When the page is loaded by the browser, the page may contain JavaScript which can obtain more information about your computer, such as the screen resolution, the local time and time-zone. Most browsers offer a 'disable JavaScript' option.

In general, you don't reveal your browsing history. However, JavaScript can access your history and send that information back to the server. If you're concerned, then always restart your browser before you move to another site because JavaScript cannot read into 'dead' sessions.

If you want to remain anonymous, you can use a 'proxy'. The 'proxy' is between you and the server in which you are interested and will hide most of your informatation. The server will see the 'proxy' as the client - not you.

If you are worried about the amount of information being revealed, you have several options:
1) Don't use the internet.
2) Only use the internet from the public library.
3) If you use windows, make sure you have good anti-virus software on your machine. And purchase a maintenance contract to keep it up to date.
4) To remain anonymous, use a proxy server.

To answer you last question about MAC addresses. Every network device (your network card) has a unique MAC and is known to the server. However the internet works using IP addresses. I suppose it might be possible to reconstruct the internet to operate on the MAC address. I suspect that the initial internet design (30 to 40 years ago) only had IP addresses, and MAC addresses appeared later on in the development of the internet.

Robin

[AboveTheLogic]

Reconstructing the internet to operate only on MAC addresses would be a hugely unefficient method!

IP addresses can be grouped and leased. MAC addresses are set to a particular NIC. To have the whole thing operate on MAC addresses would involve some sort of service activating and deactivating your connection based on MAC, and all the routing machines in the world would need to get that registration info to know where to route requests. This is opposed to the current method of an ISP owning a particular block of IPs, and the other machines on the internet knowing to send requests to that ISP to handle.

I think its possible to figure out the maker of a NIC by MAC. I suspect if a site identified your PC type, then you have a stock PC with probably an onboard NIC.

I've seen some sites that will display your local IP to you as well as your external IP (as whatismyip.com does), but thats only a display to you- the server can't see your local IP behind your firewall unless a browser or some other software on your machine is sending that data to it.

[clanmills]

Hi 'Above'

You are totally right. I agree that operating the internet using MAC addresses is not practical. The routing/subnet concepts inherent in the IP address give the network huge flexibility and resilience.

The internet had some very interesting design ideas which reflect its cold war origins. There is no 'big brother' controlling the internet. The messages are able to find their own way through the net - a very desirable property for a network under nuclear attack.

The way in which the internet has been able to grow in size, reach, traffic volume and number of users during the last 15-20 years is an amazing credit to the engineers involved in the design.

So, you're right, it would be hopeless to use the Mac address for routing because it tells you nothing about the location of a device. I wonder why NICs have a globally unique MAC address? Maybe this was added for device identification for use by DHCP servers or simple security.

Robin

[viostout]

Thank you

Quote:

Originally Posted by clanmills

When you connect on the internet, you always reveal your IP address - that's how the system works. You can obtain the physical address of the 'owner' of the IP address and this is usually the address of your ISP.

Yeah, I know.

Quote:

When you connect your browser to any web site, you always send 'headers' which provide additional information. In particular it provides your 'UserAgent' which is typically your browser type and version.

Can I disable sending headers?

Quote:

In general, you don't reveal your browsing history. However, JavaScript can access your history and send that information back to the server. If you're concerned, then always restart your browser before you move to another site because JavaScript cannot read into 'dead' sessions.

I just don't understand why on earth one website would want to find out what other websites I have visited. Ctr+Shift+Del clears history in firefox, is that enough?

Quote:

If you want to remain anonymous, you can use a 'proxy'. The 'proxy' is between you and the server in which you are interested and will hide most of your informatation. The server will see the 'proxy' as the client - not you.

Isn't there a X-Redirected-From in this case?
Does a proxy hide only my IP and MAC, or browser and PC model?

Quote:

1) Don't use the internet.

Quote:

3) If you use windows, make sure you have good anti-virus software on your machine. And purchase a maintenance contract to keep it up to date.

I have. What does that change?

Quote:

To answer you last question about MAC addresses. Every network device (your network card) has a unique MAC and is known to the server.

So my PC, Wii and smartphone have that?
Is that also viewable by websites?

[0siris]

Quote:

Originally Posted by AboveTheLogic

Reconstructing the internet to operate only on MAC addresses would be a hugely unefficient method!

I haven't looked in a while, but I thought the IPv6 address included at least a portion of the MAC address?
Yes, according to Sun's IPv6 overview.

Quote:

The rightmost four fields (64 bits) contain the interface ID, also referred to as a token. The interface ID is either automatically configured from the interface's MAC address or manually configured in EUI-64 format.

Obviously, that quote says it's not *required*, but it's an option.

[clanmills]

You can't disable sending headers with your browser. The HTTP protocol requires a minimum set. However most browsers send more than the minimum. The UserAgent is the most revealing as it tells the server which browser you are. This can be used by the server to decide its response (so a cell phone can receive a different response from a desktop browser). For that matter, the server could return a '404' (not found) for a particular browser or spider.

http://www.whatsmybrowser.com/

I don't know any browser that provides an option to disable UserAgent, however the Safari 'Develop' menu provides an option for you to change it! This is so you can pretend to be different versions of Internet Explorer, or Opera or even user defined. Another header that is almost always found is 'referer'. This is your previous web site. So if you click the link to clanmills.com below, my log will record that you clicked that link from this page. I never look at my logs, so don't worry about this.

I was amazed not to be able to Google up a general purpose header echo, so I wrote one for you:

http://clanmills.com/cgi-bin/echo.pl

I recommend an anti-virus program for all Windows machines. Always. No exceptions. If there is malicious stuff coming over the wire, your anti-virus software could save you from attack.

Ctrl-Shift-Del to clear browser history. Thanks: that's a useful tip.

I can't find a web site which reports your MAC address. I believe that information is on the socket (it's certainly not in the HTTP request headers). Maybe another reader can Google into this and let us know. I could modify echo.pl to get this - however I don't have time today to look into this.

Lastly - thanks for the observation that the MAC address is an optional part of an IPv6 address. Interesting (in my nerdy kind of way)!

Robin

[AboveTheLogic]

Quote:

Originally Posted by clanmills

The internet had some very interesting design ideas which reflect its cold war origins. There is no 'big brother' controlling the internet. The messages are able to find their own way through the net - a very desirable property for a network under nuclear attack.

I'm interested in these early design ideas, I might have to look into that!

Quote:

Originally Posted by 0siris

I haven't looked in a while, but I thought the IPv6 address included at least a portion of the MAC address?
Yes, according to Sun's IPv6 overview.

I haven't read much into IPv6 yet, although I should... but sure, there is no harm in including part of the MAC or even the whole MAC in IPv6, but there needs to be the ability to have other parts of the identifying number that allow for universal traffic routing, flexibility, and the ability to reassign IP leases through DHCP.

[clanmills]

Hi 'Above'

As I understand it, the packets travelling on the network know their origin and destination - but not the route. So they move along the network searching for a way forward. If they reach a dead-end, they pop back along the route and try other routes to reach their destination.

The reason for this was because the guys in the Pentagon wanted to launch missiles while under attack. After sending a message, part of the network could disappear, and more over there's no way of know it has disappeared.

So the consequences are:
1) When a UDP packet is dispatched, you don't know if it made it! (although I believe IP provides delivery information by sending a reverse 'ack' message).
2) Consecutive packets may take different routes and therefore can arrive out of sequence.
3) The TCP part of the protocol is able to reassemble the packets into a complete message (the packets contain sequence information from which to correctly reassemble the message).

The command tracert.exe (traceroute on UNIX) is rather interesting. Packets contain a 'max hop' which is decremented every time the packet is forwarded. So traceroute tries to find the route by setting 'max hop=1', and 'tell me how far you went when you gave up'. Then max hop = 2 ... and so on until success.

I've run traceroute below to show you how it finds its way from my Mac, to my belkin router, through the ISP and onto the freeway in San Jose. He leaves in Chicago (ord), and a couple of hops later he's at cl11.justhost.com server (which hosts clanmills.com).

Amazing and ingenious, don't you think?

516 /Users/rmills $ traceroute clanmills.com
traceroute to clanmills.com (69.175.29.42), 64 hops max, 52 byte packets
1 belkin (192.168.2.1) 1.198 ms 0.845 ms 0.837 ms
2 h-64-105-136-1.snvacaid.dynamic.covad.net (64.105.136.1) 38.582 ms 37.725 ms 38.286 ms
3 192.168.21.5 (192.168.21.5) 38.018 ms 38.948 ms 37.930 ms
4 ge-6-21.car1.sanjose1.level3.net (63.209.0.173) 37.994 ms 37.230 ms 37.359 ms
5 ae-3-89.edge1.sanjose3.level3.net (4.68.18.144) 38.032 ms 38.247 ms 38.378 ms
6 64.125.13.241 (64.125.13.241) 37.737 ms 38.006 ms 38.501 ms
7 xe-4-1-0.er1.sjc2.us.above.net (64.125.27.90) 38.421 ms 38.965 ms 39.357 ms
8 ge-3-1-0.mpr1.sjc2.us.above.net (64.125.28.18) 40.378 ms 38.758 ms 39.590 ms
9 so-0-3-0.mpr1.ord2.us.above.net (64.125.26.138) 91.750 ms 94.295 ms 90.857 ms
10 xe-1-3-0.cr1.ord2.us.above.net (64.125.29.5) 91.734 ms 91.804 ms 90.762 ms
11 xe-1-1-0.er1.ord2.us.above.net (64.125.26.186) 91.752 ms 90.766 ms 91.352 ms
12 xe-0-1-0.mpr1.ord6.us.above.net (64.125.31.197) 90.926 ms 91.208 ms 90.639 ms
13 64.124.146.110.allocated.above.net (64.124.146.110) 91.720 ms 91.955 ms 91.283 ms
14 asw-fu139.ord03.singlehop.net (69.175.1.150) 91.723 ms 91.331 ms 93.093 ms
15 cl11.justhost.com (69.175.29.42) 91.136 ms 91.990 ms 91.663 ms
517 /Users/rmills $

It's mind-boggling to think that millions of messages are making different journeys all over the globe at the same time and folks are sitting in coffee-shops in Australia or England, saying "clanmills.com's a bit slow today". It's a miracle of engineering.

Robin

[viostout]

Great, my MAC address is public as well, http://www.gorlani.com/publicprj/mac.../macmakeup.asp -what do you think?

Quote:

I don't know any browser that provides an option to disable UserAgent

How about this?: https://addons.mozilla.org/en-US/firefox/addon/59
http://johnbokma.com/mexit/2004/04/2...useragent.html (I don't get it)

[AboveTheLogic]

Robin, I've never heard it explained that way before- very interesting. I've used traceroute many times, but never bothered to look into what the term "hop" really means.

[clanmills]

Quote:

Originally Posted by viostout

Great, my MAC address is public as well, http://www.gorlani.com/publicprj/mac.../macmakeup.asp -what do you think?

How about this?: https://addons.mozilla.org/en-US/firefox/addon/59
http://johnbokma.com/mexit/2004/04/2...useragent.html (I don't get it)

That MacMakeUp program enables you to invent a new MAC addresses (and spoofs a registered manufacturer). However I don't see it reporting my MAC address, or am I missing something? A little 'gripe' about spelling MAC = Media Access Control, Mac = Apple's MacIntosh Computer.

The Firefox add on is about the same as the Safari Develop/UserAgent Menu item. Useful (if you're a web developer).

Quote:

Originally Posted by AboveTheLogic

Robin, I've never heard it explained that way before- very interesting. I've used traceroute many times, but never bothered to look into what the term "hop" really means.

Thank You, Steve. Now that I've given you a little insight, you'll probably find the man page easier to understand: http://developer.apple.com/Mac/libra...ceroute.8.html

Robin

[wimiadmin]

Quote:

Originally Posted by clanmills

However I don't see it reporting my MAC address, or am I missing something?

I agree Robin....so I'm not quite sure why the link was provided other than to show there is software to help spoof your MAC.

I don't know of a method or a site that will display your MAC address.

Viostout - your MAC address is public in the sense that the server or router you're connected to can identify it and even log it in certain circumstances. But when surfing the net, I'm 99.9% sure no sites track you by MAC address or can even identify your MAC address

[viostout]

Quote:

Originally Posted by wimiadmin

I'm not quite sure why the link was provided other than to show there is software to help spoof your MAC.

Didn't someone say you can't change your MAC address here? My bad

Quote:

Originally Posted by wimiadmin

I don't know of a method or a site that will display your MAC address.

Me neihter

Quote:

Originally Posted by wimiadmin

Viostout - your MAC address is public in the sense that the server or router you're connected to can identify it and even log it in certain circumstances. But when surfing the net, I'm 99.9% sure no sites track you by MAC address or can even identify your MAC address

how about this then?:

Quote:

Originally Posted by 0siris

I haven't looked in a while, but I thought the IPv6 address included at least a portion of the MAC address?
Yes, according to Sun's IPv6 overview.

Whatever, seems like if my whole isp is banned I'll have to use a proxy. I'm a bit confused on how proxys work. I thought they were websites that go to other websites for you and send what they recieve back to you.
But this thread made me unsure: http://forum.whatismyip.com/f6/proxy-t176/
What does this do?

[wimiadmin]

Quote:

Originally Posted by viostout

Didn't someone say you can't change your MAC address here? My bad

You can't change your MAC. You can spoof it though. It's like a fake ID. Fake ID is your picture with a different bday to make the viewer think you're older than you actually are when in fact your real birthday is still the same.

As for the IPv6 showing part of your MAC, unless you're getting an IPv6 assigned to you then you don't have to worry about it. If your IP shows up on our homepage then it's not IPv6 as we haven't implemented that code yet.

Quote:

Originally Posted by viostout

Whatever, seems like if my whole isp is banned I'll have to use a proxy. I'm a bit confused on how proxys work. I thought they were websites that go to other websites for you and send what they recieve back to you.
But this thread made me unsure: http://forum.whatismyip.com/f6/proxy-t176/
What does this do?

Proxy's can be set up as a web page or a server. Not sure what's making you unsure when reading the thread you've linked to above. A proxy is a 'private' link between you and the web sites you surf to. I put private in quotes because not all proxies make you completely anonymous. The best way to discover if you're protected via the proxy is to connect to it then surf to www.whatismyip.com and see if we show your real IP address. Keep in mind we don't detect all proxies, but the majority of the popular ones will be detected and you will be alerted right under the IP address shown on our home page.

[clanmills]

Hi V

This is turning into a very interesting discussion. Thank you for leading us down this road.

I believe a proxy is a 'middle-man/relay' between you and the server.
http://en.wikipedia.org/wiki/Proxy_server

In the article the author has listed a number of benefits in using a proxy (so I won't bother to list them again). For sure, the server no longer knows your IP address - he sees the proxy as his client and you're anonymous.

Mind you, a webmaster who uses an 'IP black list' (probably .htaccess) to deny you service, probably also denies service to your proxy!

The command 'arp' can be used to determine the MAC address of the adapter over the network. I've run 'arp' from my Linux box, to determine the MAC of my Mac (which I call imac).

501 /home/rmills$ uname -a
Linux ubuntu7 2.6.31-17-generic-pae #54-Ubuntu SMP Thu Dec 10 17:23:29 UTC 2009 i686 GNU/Linux
502 /home/rmills$ ping -c 2 imac
PING imac (192.168.2.105) 56(84) bytes of data.
64 bytes from imac (192.168.2.105): icmp_seq=1 ttl=64 time=0.955 ms
64 bytes from imac (192.168.2.105): icmp_seq=2 ttl=64 time=0.990 ms

--- imac ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.955/0.972/0.990/0.035 ms
503 /home/rmills$ arp imac
Address HWtype HWaddress Flags Mask Iface
imac ether 00:1b:63:bc:9a:3b C wlan0
504 /home/rmills$
And here's the GUI on the iMac's Preferences/Network/Advanced/Ethernet:


I don't know how the command 'arp' did this. You could get and read the source code for arp as it is publicly available.

There's nothing to stop a CGI script running 'arp' against your ip address (which he knows) to determine and log your MAC address. I agree with WimiAdmin (as always) that this information isn't normally in the log file.

Robin

[AboveTheLogic]

I'd just like to note that some windows based drivers for NICs open up the option for you to change your MAC right in device manager.

What I'm unsure of, though, is if its storing that MAC in software or hardware. It would be interesting to change the MAC, then move that NIC to another machine and see if it reverts back to the original MAC or keeps the MAC you changed it to.

[0siris]

Quote:

Originally Posted by AboveTheLogic

I'd just like to note that some windows based drivers for NICs open up the option for you to change your MAC right in device manager.

What I'm unsure of, though, is if its storing that MAC in software or hardware. It would be interesting to change the MAC, then move that NIC to another machine and see if it reverts back to the original MAC or keeps the MAC you changed it to.

I'm 90% certain the altered MAC is in the driver/software. I've always understood the factory MAC to be set in ROM.

Someone beat me to mentioning ARP for MAC address lookup. ARP is, I believe actually pulling information from Layer 2 packet date. Layer 2 is of the OSI model of network communications. There's a lot more to Layer 2 than this, but, basically, all TCP/IP communications, at heart, is MAC to MAC communications, carried out at this level. The Wikipedia link above is fairly close to what I've found at other, more technical sites, and is of much simpler language. I normally don't use Wikipedia as a source unless I double-check it, but I've done so on this one.

[AboveTheLogic]

Yes, I'm also pretty sure the MAC is in the software only, but it is very possible that the software is somehow writing this information to (not a ROM) RAM or an EPROM of some sort.