homepage Welcome to WebmasterWorld Guest from 54.145.243.51
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / JavaScript and AJAX
Forum Library, Charter, Moderator: open

JavaScript and AJAX Forum

    
How to acquire MAC address in order to prevent fraud?
Preventing Fraud
davidandrews

5+ Year Member



 
Msg#: 4535 posted 5:38 am on Oct 10, 2005 (gmt 0)

Hi,

I am working on a way to prevent fraud and I have been told that there is a way to grab MAC address using Javascript. Does anybody know how this would work? If you see multiple IP addresses originating from a unique MAC address it would lead one to believe that the transactions occuring have a higher probability to be fraudulent.

Any feedback would be greatly appreciated.

David

 

Bernard Marx

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4535 posted 5:56 am on Oct 10, 2005 (gmt 0)

I can't see any reason for MAC addresses to escape onto the internet. I certainly hope mine isn't. It may help prevent fraud, but would destroy personal privacy at a stroke.

snookie

10+ Year Member



 
Msg#: 4535 posted 10:13 am on Oct 10, 2005 (gmt 0)

Just had a quick discussion on this in the office. At a webpage level we reckon that this would be impossible - we know of no way of accessing that info. At http level its no good either as its not in the protocol so any scripting language would be screwed. However, if your working at tcp/ip level (and building your own webserver) you can get it. However, I'm told that this is not great as it'll be the MAC address of the last router (or whatever) that your request passed through.

Right, now I'm waiting for some JSP/PHP expert to tell me its possible now...

Bernard Marx

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4535 posted 10:57 am on Oct 10, 2005 (gmt 0)

it'll be the MAC address of the last router (or whatever) that your request passed through.

Precisely. From my limited memory of networking, MAC addresses are purely on the "Physical" layer and carried in frames, which only exist from one node to the next. Only packets (encapsulated from hop to hop within frames) are transported from source to destination, and they only carry IP addresses.

As I said, if MAC addresses were advertised to the internet at large, it would be pointless having any hope of privacy.

davidandrews

5+ Year Member



 
Msg#: 4535 posted 3:44 pm on Oct 10, 2005 (gmt 0)


I appreciate all of your help and understand the privacy concerns. The only goal is to prevent fraud - not to profile or do things that have privacy concerns. It is my understanding that some variation of it can be done.

Thanks for everybody's help.

David

Terabytes

10+ Year Member



 
Msg#: 4535 posted 4:30 pm on Oct 10, 2005 (gmt 0)

Being in networking for over 9 years...

It is more than possible to detect a MAC address.
As a matter of fact, on a VPN connection you can specify that only a specific MAC address has the ability to connect to the VPN for example.

Any NIC placed in public, (IE connected to the internet directly) can have it's MAC address read.

If your network is behind a firewall, or is NAT'd you can hide yourself. However, the MAC address for the firewall or router you are using can be found.

What makes everyone so sure that the SE's and others are NOT using this info? 8-)

I'd sure be, if it related to cash in my pocket.

Anyone who has ever packet sniffed, can tell you the MAC address is VERY available.

Hope that clears that up.

Tera

[edited by: jatar_k at 6:01 pm (utc) on Oct. 10, 2005]
[edit reason] removed url [/edit]

Tapolyai

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4535 posted 5:17 pm on Oct 10, 2005 (gmt 0)

Hmmm....

I was under the impression MAC address is a layer 2 routing protocol requirement. Therefore any IP information would be "wrapped" within such packet...

that is, presuming Ethernet type (And don't bite me if I missing parts, it's off of the top of my head):

[MAC source][MAC Destination][Ether Type][DATA][CRC]

then the [DATA] from above contains the IP (or ARP, RARP, ICMP, etc.), in the following format for :

{Version}{Hlength}{Service Type}{Total Length}{ID}{Flags}Frag Offs}{TTL}{{Protocol}{Header}{CRC}{Source Address}{Destination Address}{Opt.}{Data}

So the complete packet at Layer 2 is

[MAC source][MAC Destination][Ether Type][{Version}{Hlength}{Service Type}{Total Length}{ID}{Flags}Frag Offs}{TTL}{{Protocol}{Header}{CRC}{Source Address}{Destination Address}{Opt.}{Data}][CRC]

The MAC address HAS to be stripped at each hop. Therefore MAC addresses are not made for "routing".

For a VPN to function properly, it has to have access to layer 2 at the client side. This is why you have to install a "VPN client".

If you can craft a client side code, such as a Java, ActiveX, etc. piece that grabs this information and captures this in the {DATA} section, you have your solution.

As I said before, I might be wrong, so I am open to correction.

Frank_Rizzo

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4535 posted 5:38 pm on Oct 10, 2005 (gmt 0)

If you could identify users from their PC mac address then that would only work for those with NIC's. Anyone using a USB modem or a dialup modem would not have a MAC address.

RonPK

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4535 posted 6:02 pm on Oct 10, 2005 (gmt 0)

Of course the MAC address can be detected, just not with ordinary JavaScript. You'll probably need some ActiveX component (on Windows) that performs some NetBIOS magic. The user will have to agree to use the ActiveX thing.

aspdaddy

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4535 posted 6:08 pm on Oct 10, 2005 (gmt 0)

Terabytes is right. I use MAC Addresss all the time to allow users to connect to a WAN I manage. You do need to be firewalling at layer two to get this info.

Tapolyai

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4535 posted 7:11 pm on Oct 10, 2005 (gmt 0)

aspdaddy, what kind of "WAN" is your WAN?

Might want to look at the ISO OSI layers, and how MAC addresses are handled. ;-)

kaled

WebmasterWorld Senior Member kaled us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4535 posted 10:12 pm on Oct 10, 2005 (gmt 0)

Anyone using a USB modem or a dialup modem would not have a MAC address

USB (broadband) modems typically have a mac address. Dialup modems do not have a mac address.

Kaled.

aspdaddy

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4535 posted 10:33 pm on Oct 10, 2005 (gmt 0)

what kind of "WAN" is your WAN?

The M$ Type.

Whats OSI Layers, something to do do with 7 onion skins, I slept thru most of that stuff ;)

Form the ISO/OSI Spec:
The data link layer's (thats layer 2!)protocol-specific header specifies the MAC address of the packet's source and destination.

Tapolyai

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4535 posted 1:46 am on Oct 11, 2005 (gmt 0)

Whats OSI Layers, something to do do with 7 onion skins, I slept thru most of that stuff

Form the ISO/OSI Spec:
The data link layer's (thats layer 2!)protocol-specific header specifies the MAC address of the packet's source and destination.

Right... Which would confirm my statement. ;-)

MAC addresses do not get included in the IP packet, therefore your IP information will not contain the MAC address of the source, unless you use something like a higher layer to store the MAC address in the DATA section... (You can't put your pocket inside a penny... but you can put the penny inside your pocket.)

They are Application/Presentation/Session/Transport/Network/Data Link/Physical.

MAC addresses on Ethernet follow the MAC-48, or EUI-48, and pretty much any device can have a MAC address as long as their function is to Control the Access to the Media on an Ethernet...

If MAC addresses were included in the IP packet, then why do we need ARP/RARP?

How about when the IP packet comes from a Token Ring or AppleTalk or SNA segment? What is "MAC address" for those packets?

Frank_Rizzo

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4535 posted 9:51 am on Oct 11, 2005 (gmt 0)

Anyone using a USB modem or a dialup modem would not have a MAC address

USB (broadband) modems typically have a mac address. Dialup modems do not have a mac address.

Cable modems which are connected PC side via USB may have a MAC address for the modem itself but 'standard' ADSL / Broadband modems here in the UK do not. They are just seen as a 512K dial up modem.

I don't know the exact figures but the majority of broadband users in the UK could be using USB modems and that would equate to a few million without MAC addresses.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / JavaScript and AJAX
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved