Untitled

Published December 10, 2006
Quote: Dear Mushu,

Greetings. Since yours was the second of three reports we have now received regarding students who are spoofing their MAC address in order to use up more bandwidth, I am writing to ask you to share how you knew you had the ability to do this.

I am concerned that in the future ITC may want to begin referring these incidents to the honor (for identity theft) or to the judiciary committee (for violation of computing policy) if they become more common.

My goal is to understand whether this is a new trend and, if so, perhaps put some effort into educating the E-school (all three cases have come in regarding e-school students) to prevent any disciplinary referrals.

Without expecting any names from you, I would appreciate any information you could share with me.

Feel free to call me in my office this week at ###-#### or reply to this email address.

Best wishes for a good ending to your semester,

Dean's Office

Comments

ArchWizard
Oh noes, teh Dean is coming for yuo!!11~one
December 10, 2006 08:30 PM
Mushu
lol, I sent a reply -

Quote: The idea of changing a MAC address is nothing new, really. I don't know too much about networking, but from what I've read, MAC addresses were never meant to be used for identification purposes - they were only designed for specific routing purposes.

Most modern router firmware comes equipped with a means of manually setting the device's hardware address, either to that of the computer connected, or to an arbitrary address. I used this method for a while at the beginning of the semester, simply because it was the easiest at hand. I assume that a hop-counting system was put in place, because my router stopped, well, routing properly. Didn't bother with any tests to see if my assumption was correct, but it seemed like a likely cause.

In any case, I stopped until I accidentally went over my bandwidth limit sometime before Thanksgiving break. At the time, I had decided to maximize my bandwidth by pushing the volume used each day to what I estimated to be the limit, and occasionally having 'download days' where, from midnight to midnight batch scripts would continually download as much as possible.

Well, long story short, when I set the script to run on the 19th of October, I didn't think I would get a bandwidth warning on the 18th. I guess I underestimated that day's usage.

That estimation in itself was always a nightmare - sure, you're guaranteed 750MB/day, but it seems like 5 standard deviations above the mean is almost always around 1.2-2.0GB. It seemed ironic to me that on days when the network is most used, each person is allowed more bandwidth than usual.

So around that time I decided I had waited long enough to start MAC spoofing again. Some casual reading about DHCP gave me a couple ideas, but I didn't really want to implement something too crazy. Then a quick Google search for "MAC Address" turned up the Wikipedia entry, which describes how to change the default hardware address on a variety of systems.

The method used to obtain MAC addresses is another story.

I knew from day one that the system worked by associating a username with each MAC address. When that computer generates non-local traffic, the volume is logged (in what I would now assume to be several places) and attributed to the user account.

There must exist, therefore, MAC addresses which are not assigned to a specific user, which would therefore not get counted. At the beginning of the semester I had used a MAC address from a computer in the Clemens Library, but that's a long walk from Dillard, so I settled for one in the Thorton Stacks.

The problem with using MAC addresses though, is not that they are so easily changed, but they are so easily obtained. Just running Ethereal (a network protocol analyzer) and filtering out the broadcast DHCP offers, any computer has access to the MAC address of essentially every other computer connected to the same router. A completely hypothetical system could, therefore, gather up the MAC addresses of every user on the local network, then distribute its bandwidth over the entire userbase and thus become slightly more concealed. An analysis of bandwidth used by physical connection, however, would root out such a charade.

There are plenty of other holes in the system too.

I remember "lost bandwidth notification emails" being mentioned during the phone call a couple days ago. This sounds suspiciously like another means around the bandwidth control system that I had heard about, but didn't have the means to actually test.

An acquaintance of mine in #gamedev on irc.afternet.org, who apparently is a B-School grad student (though I've never actually been able to find him, despite many humorous attempts with another friend, a CS grad student from last year), told me how he had 'bribed' an ITC friend with pizza and basketball tickets. In return, he had his email disassociated from his MAC address.

Apparently, the offense isn't counted against the user if the email is never received (which leads me to assume that these are the lost emails). It sounds like a fair deal in premise, but again, it wouldn't be too hard to write a script to kick such emails back in order to sidestep warnings on your account. I'm not entirely sure if such a setup is possible - I have close to no experience with SMTP stuff.

Finally, there are a couple other easy means of bypassing bandwidth limitations, but this letter is getting really long.

I'm honestly not sure how you should handle such a situation, or if more people are going to start trying to abuse the network; however, I think you're taking a good approach. I'm kind of glad I was finally confronted about it, though it was kind of fun waging a little war, figuring out what tweaks blocked the latest attempts and how to circumvent them.

Ah, well. If you want to hear more of my silly stories, my last exam isn't until Thursday night :)
December 10, 2006 09:35 PM
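The reply above notes that accounting by physical connection would expose usage spread across other people's MAC addresses. Seen from the network operator's side, that check looks like the following added example, which is not part of the original post or comments. The flow records, port names, MAC addresses and registry are constructed, and per-port byte counts are assumed to be available from the switches.

```python
from collections import defaultdict

QUOTA_BYTES = 750 * 10**6  # the 750MB/day figure mentioned in the post

# Constructed sample: (switch_port, source_mac, bytes) for one day.
FLOWS = [
    ("sw1/01", "02:00:00:00:00:0a", 400 * 10**6),
    ("sw1/02", "02:00:00:00:00:0b", 300 * 10**6),
    ("sw1/03", "02:00:00:00:00:0c", 500 * 10**6),
    ("sw1/03", "02:00:00:00:00:0a", 350 * 10**6),  # same MAC as port 01
    ("sw1/03", "02:00:00:00:00:0b", 350 * 10**6),  # same MAC as port 02
    ("sw2/07", "02:00:00:00:00:ff", 200 * 10**6),  # MAC with no owner
]

# Constructed registry: MAC -> account (hypothetical names).
REGISTRY = {
    "02:00:00:00:00:0a": "user_a",
    "02:00:00:00:00:0b": "user_b",
    "02:00:00:00:00:0c": "user_c",
}


def analyze(flows, registry, quota=QUOTA_BYTES):
    """Compare per-MAC accounting with per-port accounting."""
    by_port = defaultdict(int)
    by_mac = defaultdict(int)
    ports_of_mac = defaultdict(set)
    for port, mac, nbytes in flows:
        by_port[port] += nbytes
        by_mac[mac] += nbytes
        ports_of_mac[mac].add(port)
    return {
        # What MAC-keyed accounting sees: nobody is over quota.
        "mac_over_quota": sorted(m for m, b in by_mac.items() if b > quota),
        # What port-keyed accounting sees: one wall jack is far over.
        "port_over_quota": sorted(p for p, b in by_port.items() if b > quota),
        # A MAC sourcing traffic from two physical ports is a clone signal.
        "mac_on_many_ports": sorted(
            m for m, ports in ports_of_mac.items() if len(ports) > 1
        ),
        # Traffic that no account is charged for at all.
        "unregistered": sorted(m for m in by_mac if m not in registry),
    }


if __name__ == "__main__":
    for check, hits in analyze(FLOWS, REGISTRY).items():
        print(f"{check}: {hits}")
```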
ArchWizard
So your plan is to bore the Dean to death. Excellent!
December 11, 2006 02:34 AM
Daerax
I did. A nice tale of conflict, drama, intrigue, resolve and wit. I liked
December 11, 2006 08:08 AM
ildave1
:]
December 11, 2006 08:51 AM