This discussion has moved to NANOG ( nanog@merit.edu ). Please
remember to trim your headers not to cross post to dhcp-server.
In fact, given the quality of your comments, why don't you just
respond to me privately and not waste people's time?
> I think we are in violent agreement. I don't like the
> IP->MAC->Customer mapping, it is forgeable, but it is the only one I
> know we have available. I agree with you that it is not the only
> possible mapping. If you can point me to a better existing mechanism,
> I would be greatful.Saying something is "forgeable" is assuming that it was supposed to be
authentic in the first place. MAC addresses and IP addresses weren't
designed for that.
I never said they were. However, given the design parameters, they
provide useful information which should not be discarded.
> If a database was kept of client MACs, and this information was
> required before access to service was made available, you then have a
> network of known devices and have made a long step towards towards
> assigning responsibility.And every user would have to know the mac address of every piece of
equipment and divulge this to the ISP before they could have service? And
when they wanted to add a new computer, hook up a friend's laptop? Buy a
new NIC card? Come on. If my ISP did that to me, they'd be gone faster
than lemonaid on a hot day.
Exactly. You need to supply the MAC address to bring a computer on
line. Why is the more onerous that supplying a username/password?
Other ISPs restrict the number of systems you can connect, the uses of
those systems (no servers, etc.), block certain ports, etc. That
displeases me as it reduces the value of the network and breaks
end-to-end.
> > are not tied to hardware type or specific device: IP address is much more
> > useful for that, in my opinion, especially if additional information about
> > physical connections (such as port and switch numbers) is available.I tend to agree because:
The mac addresses of the computers in my house may change quite a bit, but
my external IP addresses will remain the same (and have to, since only
those IPs are being routed to me).
Do you have any actual experience with designing or operating such a
public access network? If so, please explain how to get the "port and
switch number" for a user's PC on a cable network as I was unaware of
this functionality.
> Please remember we are talking about large IP over Ethernet *public*
> networks (cable, Etherloop DSL, wireless) which are used by a
> completely heterogeneous population. The operator must support the
> connection of arbitrary devices. Many of the customers have very
> little knowledge of their configuration or networking. The network
> operator must support arbitrary devices and clueless customers.And such clueless users may have no idea what their MAC address is. They
also might have equipment that doesn't list it's MAC address readily.
...and the moon might be made of green cheese.
We haven't had a problem explaining to users how to get their MAC
addresses.
> 3) ARIN has sent the strong message that they expect IP over E public
> network providers to use dynamic IP allocation in order to conserve
> IPv4 addresses.And the intelligent public has sent an equally strong message that dynamic
IPs are not acceptible. Most people I know with DSL or similar service
make sure to use static IPs that are usable for server purposes. Wether
static or dynamic IPs are used, the same _number_ of IPs is required, we
aren't talking about dial-up here where most of the users will be offline
most of the time.
I disagree with all of the above. Since it nothing more than your
opinion and anecdotal evidence, mere contradiction suffices.
> accurately tracked, or that customers be accurately charged for
> their bandwidth usage. In gathering these statistics, a MACI am a bit confused here. Most providers don't charge for bandwidth
usage, they charge for bandwidth availability. My ISP doesn't need to
track the traffic from my MAC address to charge me $Xx.XX for xx mbps.
One needs this information in aggregate in order to model to
accurately set prices. Otherwise, your company will go out of
business when you charge less for the service than the service cost
to provision, or you charge too much to compete with more accurate
models.
Say, what happened to all those DSL providers that were here just a
minute ago?
[ we have been in business for over seven years, and are profitable...]
> > Finally, I would not want to declare under oath that a MAC address
> > absolutely and uniquely identified a client host: it's just too easy to
> > spoof.Again, why even say "spoof", that makes it sound like it's _supposed_ to
be "authentic" or something. I don't thin I am "spoofing" by changing my
MAC address. It wasn't supposed to identify me, and nobody ever said it
was. In fact I have changed the MAC addresses of all of my sparcstations
(which are easily programmable in software!) to be sequential.
That was pretty stupid, wasn't it? Ethernet MACs must be unique to be
to work. Have you ever thought about what would happen if more than
one person on the same network as you chose the same Ethernet MACs?
Further, if you reprogram your MACs, and then you would not get
access until you registered them. So your traffic still could be
tracked.
> Total and absolute agreement. There is no question that it is easy
> for a technical sophisticated customer to spoof a MAC address. This
> fact should always be kept in mind when analysing any information.
Your forgot:
3.) An existing MAC address that isn't currently in use is "spoofed". One
only has to watch the network for a while and get a list of MACs visible
on their net. (this is especially easy typical on cablemodem
networks). Wait until one disappears for a while (computer turned
off?). Assume that MAC address. You could even discover a pattern that a
certain MAC address is only used from X:XX to X:XX on typical days. (some
users only turn on their PCs during certain times).
yawn. I didn't forget; you can't read. See the first part of my
statement. Here it is again:
"Total and absolute agreement. There is no question that it is easy
for a technical sophisticated customer to spoof a MAC address. This
fact should always be kept in mind when analysing any information."
-- noah silva
Noah, go away and don't come back until you have some real experience
and something interesting to say. At least correspond with me
privately.
. o O (Now, where did I put that kill file?)
) is fine for
? ARP broadcasts