capturing MAC address over internet?

[cyanidemonkey]

Hi,

We have problems with guys cheating in and/or crashing our game servers, I was going to just get the offenders IP addy and block them, but I figure they will just reset their IP or use a proxy.

I have seen some threads here on capturing the NICs MAC address, is this possible over then internet? ie. would I be able to capture the game hackers MAC addy remotely?

[rudika]

Hi,

We have problems with guys cheating in and/or crashing our game servers, I was going to just get the offenders IP addy and block them, but I figure they will just reset their IP or use a proxy.

I have seen some threads here on capturing the NICs MAC address, is this possible over then internet? ie. would I be able to capture the game hackers MAC addy remotely?

moin, moin... !

Ooh I believe this is a difficult task, you would have to be able to intercept with netmon an ip package and select from its hader the mac adress. but how you exactly want to know which packages from hakker come

[w0uter]

IMO you should just IP-ban him.

If he is an hacker that craches servers he probly doesnt even know what a IP is.

[pingpong24]

I belive it is impossiable to capture mac address.

edit:

also it is very easy to change the mac address, if you have a router etc.

Edited January 27, 2006 by pingpong24

[cyanidemonkey]

oh bugga, ok, I'll do IP banning.

It's just that EA Games did something like that back in the BF2 demo days to ban hosts who used cracks to unlock time limits and weapons, but how they did it only they know. I thought it might be possible.

I did not realise the mac addy could be changed via the router, kinda defeats the perpose I spose

Edited January 27, 2006 by cyanidemonkey

[JSThePatriot]

Basically... if it has been created, it can be destroyed. With enough time, patience, knowledge, and wisdom of course.

Thanks,

JS

[Confuzzled]

If you have control over the development and code of the software being run at the other end, why not create an unique identifier which they need to connect to your server? A lot of people do it - it is called a serial number. You can then check that against your list of authorised people before letting them use your server and remove them from that list if you wish either temporarily or permanently.

The MAC address is usually unique but can be changed too!

If you do not have control over the code at the remote end then the IP address is pretty much all you have to go by.

[PartyPooper]

IMHO (and having run a game server in the past),

Banning MAC address

- waste of time because many routers now have an inbuilt ability to change the MAC address

- very hard to capture MAC address unless your game server software is able to remotely do it

Banning IP addresses

- waste of time because no cheater is going to use a permanent IP

- most ISP's use dynamic IP's, so IP banning is just plain stupid on this point alone

- changing your dynamic IP is a simple matter of disconnecting and reconnecting again a few minutes later

- because most IP's are dynamic, you end up banning a valid player and your email box starts to fill up with complaints (very time consuming)

Banning User ID/Name

- waste of time because most cheaters use fake online names rather than their true handle

- too easy to change so all you end up with is a list of banned usernames

- good if you want only clean(ish) usernames displayed on your server (ie. no usernames that include the phrases f*ck or c*nt etc).

Banning Game Serial Numbers

- very effective against the casual/not too bright cheater

- costs them money to get a new serial number (they have to buy another game)

- not 100% effective against hard core cheaters because they have many serial numbers (stolen from noobs via worms)

- you may need to run the anti-cheater software from the game company because the serial number may not be available to the server operator

Some additional things you can do to minimise cheating:

Banning Domains/Countries

- good if you want to control who accesses your server to keep ping times reasonable

- not effective if the cheater owns his/her own domain

- banning an entire domain because of one cheater is stupid (email box complaint thingy again)

Banning Proxies

- effective in that it requires a valid internet ISP (which means you have a point of complaint)

- not effective if cheater runs an ISP or owns his/her own domain

Banning Accounts

- some game accounts require valid email addresses (reduces the number of casual cheaters).

- not effective unless you ban free email accounts (eg. Yahoo, Hotmail etc)

- not effective if cheater runs his/her own mail server.

Banning Hard Drive Serial Numbers

- effective in that it requires a complete format which is time consuming

- requires software to detect it

Require Anti-Cheat Software

- effectiveness varies depending on the game and the anti-cheating software used

- requires software running on the client

And for something really radical (I don't necessarily subscribe to this viewpoint): allow cheating/hax on your server and provide gamers with them. This way, everyone is on a level playing field again

I guess you could always write an AutoIt script that assigns a random number (unique identifier) to a computer which is interrogated by the server for validity prior to the game starting. This way, it's not relying on any of the above methods to determine the cheaters identity.

[PsaltyDS]

Hi,

We have problems with guys cheating in and/or crashing our game servers, I was going to just get the offenders IP addy and block them, but I figure they will just reset their IP or use a proxy.

I have seen some threads here on capturing the NICs MAC address, is this possible over then internet? ie. would I be able to capture the game hackers MAC addy remotely?

The MAC address in the packets of any host outside your own network is just the MAC address of your own router interface (Gateway). Blocking that MAC would be a bad thing!

At each router in the path between two hosts the MAC address gets changed, but the source/destination IP address remains the same (disregarding NAT). If you were talking about getting the MAC by running something on the remote host, then you are likely to be seen as a hostile actor yourself by anyone savvy enough to notice what you're doing.

[w0uter]

Banning Hard Drive Serial Numbers

- effective in that it requires a complete format which is time consuming

- requires software to detect it

actually you can spoof if with tools like HDspoof