Untitled

Mushu

Quote:
Dear Mushu,

Greetings. Since yours was the second of three reports we have now received regarding students who are spoofing their MAC address in order to use up more bandwidth, I am writing to ask you to share how you knew you had the ability to do this.

I am concerned that in the future ITC may want to begin referring these incidents to the honor (for identity theft) or to the judiciary committee (for violation of computing policy) if they become more common.

My goal is to understand whether this is a new trend and, if so, perhaps put some effort into educating the E-school (all three cases have come in regarding e-school students) to prevent any disciplinary referrals.

Without expecting any names from you, I would appreciate any information you could share with me.

Feel free to call me in my office this week at ###-#### or reply to this email address.

Best wishes for a good ending to your semester,

Dean's Office

6 Comments


lol, I sent a reply -

Quote:
The idea of changing a MAC address is nothing new, really. I don't know too much about networking, but from what I've read, MAC addresses were never meant to be used for identification purposes - they were only designed for specific routing purposes.

Most modern router firmware comes equipped with a means of manually setting the device's hardware address, either to that of the computer connected, or to an arbitrary address. I used this method for a while at the beginning of the semester, simply because it was the easiest at hand. I assume that a hop-counting system was put in place, because my router stopped, well, routing properly. Didn't bother with any tests to see if my assumption was correct, but it seemed like a likely cause.

In any case, I stopped until I accidentally went over my bandwidth limit sometime before Thanksgiving break. At the time, I had decided to maximize my bandwidth by pushing the volume used each day to what I estimated to be the limit, and occasionally having 'download days' where, from midnight to midnight, batch scripts would continually download as much as possible.

Well, long story short, when I set the script to run on the 19th of October, I didn't think I would get a bandwidth warning on the 18th. I guess I underestimated that day's usage.

That estimation in itself was always a nightmare - sure, you're guaranteed 750MB/day, but it seems like 5 standard deviations above the mean is almost always around 1.2-2.0GB. It seemed ironic to me that on days when the network is most used, each person is allowed more bandwidth than usual.

So around that time I decided I had waited long enough to start MAC spoofing again. Some casual reading about DHCP gave me a couple ideas, but I didn't really want to implement something too crazy. Then a quick Google search for "MAC Address" turned up the Wikipedia entry, which describes how to change the default hardware address on a variety of systems.

The method used to obtain MAC addresses is another story.

I knew from day one that the system worked by associating a username with each MAC address. When that computer generates non-local traffic, the volume is logged (in what I would now assume to be several places) and attributed to the user account.

There must exist, therefore, MAC addresses which are not assigned to a specific user, which would therefore not get counted. At the beginning of the semester I had used a MAC address from a computer in the Clemens Library, but that's a long walk from Dillard, so I settled for one in the Thorton Stacks.

The problem with using MAC addresses, though, is not that they are so easily changed, but that they are so easily obtained. Just running Ethereal (a network protocol analyzer) and filtering out the broadcast DHCP offers, any computer has access to the MAC address of essentially every other computer connected to the same router. A completely hypothetical system could, therefore, gather up the MAC addresses of every user on the local network, then distribute its bandwidth over the entire userbase and thus become slightly more concealed. An analysis of bandwidth used by physical connection, however, would root out such a charade.

There are plenty of other holes in the system too.

I remember "lost bandwidth notification emails" being mentioned during the phone call a couple days ago. This sounds suspiciously like another means around the bandwidth control system that I had heard about, but didn't have the means to actually test.

An acquaintance of mine in #gamedev on irc.afternet.org, who apparently is a B-School grad student (though I've never actually been able to find him, despite many humorous attempts with another friend, a CS grad student from last year), told me how he had 'bribed' an ITC friend with pizza and basketball tickets. In return, he had his email disassociated from his MAC address.

Apparently, the offense isn't counted against the user if the email is never received (which leads me to assume that these are the lost emails). It sounds like a fair deal in premise, but again, it wouldn't be too hard to write a script to kick such emails back in order to sidestep warnings on your account. I'm not entirely sure if such a setup is possible - I have close to no experience with SMTP stuff.

Finally, there are a couple other easy means of bypassing bandwidth limitations, but this letter is getting really long.

I'm honestly not sure how you should handle such a situation, or if more people are going to start trying to abuse the network; however, I think you're taking a good approach. I'm kind of glad I was finally confronted about it, though it was kind of fun waging a little war, figuring out what tweaks blocked the latest attempts and how to circumvent them.

Ah, well. If you want to hear more of my silly stories, my last exam isn't until Thursday night :)
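
The per-physical-connection analysis mentioned in the reply, sketched from the network operator's side as an added example that is not part of the original post: usage is totalled per switch port as well as per MAC, and any MAC seen on a port other than the one it was registered on is reported. The port names, MAC addresses, registration table and flow records are constructed for illustration.

```python
from collections import defaultdict

# 750MB/day is the quota quoted in the letter; decimal megabytes are an assumption.
DAILY_QUOTA_BYTES = 750 * 10**6

# Constructed registration table: MAC address -> switch port it was registered on.
REGISTERED_PORT = {
    "00:11:22:33:44:01": "dorm/12",
    "00:11:22:33:44:02": "dorm/13",
    "00:aa:bb:cc:dd:10": "lib/03",
}

# Constructed one-day flow summary: (switch port, source MAC, bytes of non-local traffic).
FLOWS = [
    ("dorm/12", "00:11:22:33:44:01", 300_000_000),
    ("dorm/12", "00:aa:bb:cc:dd:10", 400_000_000),
    ("dorm/12", "00:11:22:33:44:02", 350_000_000),
    ("dorm/13", "00:11:22:33:44:02", 200_000_000),
    ("lib/03", "00:aa:bb:cc:dd:10", 50_000_000),
]


def audit(flows, registered_port, quota=DAILY_QUOTA_BYTES):
    """Return (findings keyed by port, per-MAC byte totals)."""
    per_port = defaultdict(int)
    per_mac = defaultdict(int)
    foreign = defaultdict(set)
    for port, mac, nbytes in flows:
        per_port[port] += nbytes
        per_mac[mac] += nbytes
        # A MAC that is unregistered, or registered on a different port, is foreign here.
        if registered_port.get(mac) != port:
            foreign[port].add(mac)
    findings = {}
    for port, total in per_port.items():
        macs = sorted(foreign[port])
        if total > quota or macs:
            findings[port] = {"bytes": total, "over_quota": total > quota,
                              "foreign_macs": macs}
    return findings, dict(per_mac)


if __name__ == "__main__":
    findings, per_mac = audit(FLOWS, REGISTERED_PORT)
    print("largest per-MAC total:", max(per_mac.values()))
    for port, detail in findings.items():
        print(port, detail)
```

In the constructed data no single MAC exceeds the quota, yet the one port carrying three MACs does, which is the gap between per-MAC and per-port accounting.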
