A Complete Guide to MAC Addresses
Source: Internet
Author: User
If you connect to the Internet through a campus or residential-community network, you have almost certainly heard of MAC addresses. What is a MAC address, and what role does it play in such a LAN environment? This article covers the basics of MAC addresses, the differences between MAC and IP addresses, and the security issues MAC addresses raise in practice.
I. Basic knowledge
Today's networks are built in layers, like building blocks: modules with specific functions are designed first and then assembled to form the whole network. LANs are no exception. Generally we use the IEEE 802 reference model, which from bottom to top consists of the physical layer, the media access control (MAC) layer, and the logical link control (LLC) layer.
There are generally at least three ways to identify a computer on a network. The most common are the domain name, the IP address, and the MAC address, corresponding respectively to the application layer, the network layer, and the physical layer. Network administration usually manages IP addresses at the network layer, but because a computer's IP address can be set by the user, this is relatively difficult to manage. A MAC address generally cannot be changed, so managing IP addresses together with MAC addresses is a common approach.
II. What is a MAC address
The MAC address is the address used at the media access layer, also known as the physical address, hardware address, or link address. It is written into the hardware by the manufacturer of the network equipment. A MAC address is independent of the network: no matter where the hardware (network card, hub, router, and so on) is connected, it has the same MAC address, which the manufacturer writes into the BIOS of the NIC. A MAC address can be either 6 bytes (48 bits) or 2 bytes (16 bits) long, but as LANs have grown larger, the 6-byte form is generally used. The 48 bits have a defined structure: the first 24 bits are the vendor address that the network card manufacturer applies for from the IEEE (the current price is 1000 dollars per address block), and the last 24 bits are allocated by the manufacturer. This scheme gives every network card with a 48-bit MAC address a globally unique identity. In addition, the 2-byte MAC address does not apply to NIC vendors.
A MAC address is usually written as 12 hexadecimal digits, with a colon after every two digits, for example 08:00:20:0A:8C:6D. The first six hexadecimal digits, 08:00:20, are the network hardware manufacturer's number, assigned by the IEEE. The remaining digits, 0A:8C:6D, are the serial number of a particular network product (such as a network card) made by that manufacturer. Each manufacturer must ensure that every Ethernet device it makes has the same first three bytes and a different last three bytes, which ensures that every Ethernet device in the world has a unique MAC address.
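The address layout described above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it accepts the three notations this article uses (colon-separated, hyphen-separated, and 12 consecutive hex digits) and splits the address into its vendor and serial parts. The two flag bits it reports (locally administered and multicast, the two low bits of the first byte) are standard IEEE 802 facts that the article does not mention; a set locally-administered bit indicates an address assigned in software rather than by a manufacturer.

```python
import re
from typing import NamedTuple


class MacInfo(NamedTuple):
    canonical: str               # upper-case, colon-separated
    oui: str                     # first 3 bytes: vendor block assigned by IEEE
    serial: str                  # last 3 bytes: assigned by the manufacturer
    locally_administered: bool   # bit 0x02 of first byte (not from the article)
    multicast: bool              # bit 0x01 of first byte (not from the article)


# Six hex pairs with one consistent separator (":" or "-"), or 12 bare digits.
_MAC_FORMS = re.compile(
    r"^(?:[0-9a-f]{2}([:-])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}|[0-9a-f]{12})$",
    re.IGNORECASE,
)


def parse_mac(text: str) -> MacInfo:
    """Validate a 48-bit MAC address and split it into vendor and serial parts."""
    text = text.strip()
    if not _MAC_FORMS.match(text):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    digits = text.replace(":", "").replace("-", "").upper()
    octets = [digits[i:i + 2] for i in range(0, 12, 2)]
    first = int(octets[0], 16)
    return MacInfo(
        canonical=":".join(octets),
        oui=":".join(octets[:3]),
        serial=":".join(octets[3:]),
        locally_administered=bool(first & 0x02),
        multicast=bool(first & 0x01),
    )


if __name__ == "__main__":
    # The article's own example address, then a constructed software-assigned one.
    for sample in ("08:00:20:0A:8C:6D", "00-10-5c-ad-72-e3", "02005E112233"):
        print(parse_mac(sample))
```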
III. The difference between IP addresses and MAC addresses
An IP address is logical: it is more flexible, not tied to hardware, and easy to remember. A MAC address is, to a certain extent, tied to the hardware: it is physical and can identify a specific piece of hardware. Both kinds of address have their uses, and which one is used depends on the circumstances.
IV. Why use MAC addresses
This is determined by how networks are built. The most popular way to access the Internet today (and the direction of future development) is to organize hosts into a LAN and then connect the LAN to the Internet through a switch. This raises the question of how to distinguish specific users and prevent address theft. Because an IP address is only a logical identifier that anyone can change at will, it cannot be used to identify a user. A MAC address is different: it is burned into the network card. In theory, it cannot be impersonated unless the hardware (the network card) is stolen. (Note: in practice it can be spoofed, as described below.)
Because of this property, LANs use the MAC address to identify specific users. Note: the switch keeps a table that maps MAC addresses to IP addresses one to one; this is IP-MAC binding.
How communication works: on the receiving side, when a packet is sent to a host on the LAN, the switch receives it, maps the IP address in the packet to a MAC address using the table, and forwards the packet to the host with that MAC address. So even if a host steals the IP address, it will not receive the packets, because it does not have the matching MAC address. The sending process is similar and is omitted here for brevity.
In short, a host that has an IP address but not the corresponding MAC address cannot access the Internet on this LAN, which solves the IP theft problem.
V. How to obtain your own MAC address
The MAC address is burned into the BIOS of the network card and can be read with a command at the DOS prompt. Win9x users can use the winipcfg command; Win2K/XP users can use the ipconfig /all command. The 12 hexadecimal digits shown are the MAC address.
VI. Security issues related to MAC addresses
As the introduction above shows, this kind of identification relies on the MAC address. If someone can change their MAC address, they can steal an IP address and get free Internet access; the methods currently circulating online for stealing MAC addresses to get free Internet access on community networks are based on this idea. To steal someone else's IP address, one needs to know the corresponding MAC address as well as the IP address. For example, to obtain the MAC address of a host on the LAN named target, first ping target, which leaves a record mapping target's IP address to its MAC address in the ARP cache on our host. Then query the ARP table with the arp -a command to obtain the MAC address of the specified host. Finally, use the command arp -s <IP> <network card MAC address> to map the gateway's IP address to its MAC address.
To obtain MAC addresses in another network segment, you can use a software tool. I think the tools bundled with Windows Optimization Master are good: click "System performance Optimization" → "system security Optimization" → "Additional tools" → "Cluster ping" to sweep out MAC addresses in bulk and save them to a file.
Background: ARP (Address Resolution Protocol) is a protocol that converts an IP address into a physical address. There are two ways to map an IP address to a physical address: table-based and non-table-based. Specifically, ARP resolves a network-layer address (the IP layer, layer 3 of the OSI model) to a MAC address at the data link layer (the MAC layer, layer 2 of the OSI model). In other words, ARP obtains a MAC address from an IP address.
How ARP works: when host A wants to send a message to host B, it looks up B's IP address in its local ARP cache table; if it finds the corresponding MAC address, it transmits the data. If not, it broadcasts an ARP request (carrying host A's IP address Ia and physical address Pa) asking the host whose IP address is Ib to reply with its physical address Pb. All hosts on the network, including B, receive the ARP request, but only host B recognizes its own IP address and sends an ARP reply back to host A containing B's MAC address. When A receives B's reply, it updates its local ARP cache and then uses the MAC address to send the data (the MAC address is added by the NIC). The locally cached ARP table is therefore the basis of traffic on the local network, and the cache is dynamic. ARP table: to speed up communication, recent IP-to-MAC translations do not rely on the switch; instead each machine keeps its own table of IP-MAC mappings for frequently contacted hosts, and this is the ARP table.
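The request and reply described above, as an added Python example that is not part of the original article: it builds and parses the standard 28-byte Ethernet/IPv4 ARP payload and simulates host A resolving host B on a small LAN. The `Host` class, the `resolve` helper, and all addresses are constructed for illustration; nothing is sent on a real network.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"      # 28-byte ARP payload for Ethernet/IPv4
REQUEST, REPLY = 1, 2


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def mac_text(raw):
    return ":".join(f"{b:02X}" for b in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_bytes(target_mac), socket.inet_aton(target_ip))


def parse_arp(packet):
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, packet)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op,
            "sender_mac": mac_text(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_text(tha), "target_ip": socket.inet_ntoa(tpa)}


class Host:
    """Hypothetical LAN host holding a dynamic ARP cache (IP -> MAC)."""

    def __init__(self, ip, mac):
        self.ip, self.mac, self.arp_cache = ip, mac, {}

    def request(self, target_ip):
        # The target MAC is unknown, so it is sent as all zeros.
        return build_arp(REQUEST, self.mac, self.ip, "00:00:00:00:00:00", target_ip)

    def receive(self, packet):
        msg = parse_arp(packet)
        if msg["target_ip"] != self.ip:
            return None                       # not our IP address: ignore
        # The mapping is taken from the packet's sender fields as-is.
        self.arp_cache[msg["sender_ip"]] = msg["sender_mac"]
        if msg["op"] == REQUEST:
            return build_arp(REPLY, self.mac, self.ip,
                             msg["sender_mac"], msg["sender_ip"])
        return None


def resolve(asker, others, target_ip):
    """Broadcast a request to every other host and record the answer."""
    request = asker.request(target_ip)
    for host in others:
        reply = host.receive(request)
        if reply is not None:
            asker.receive(reply)
    return asker.arp_cache.get(target_ip)
```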
VII. How to modify your own MAC address
The MAC address is burned into the network card and is unique, so is there really no way to change it? There is. We do not need to modify the contents of the EPROM; modifying the contents of a storage location is enough to change the MAC address. For example, in Windows you can change it through the registry.
From the Start menu, choose Run, enter Regedit.exe to open Registry Editor, and expand the registry to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}. Among its subkeys 0000, 0001, 0002 and so on, find the one whose DriverDesc describes your network card (if you have more than one network card, there will be 0001, 0002, ...). These subkeys hold the information about your network cards, and the DriverDesc value is the description of the card; mine, for example, is "Intel 21041 based Ethernet Controller". The following assumes your network card is under the 0000 subkey.
Add a string value named "NetworkAddress" under the 0000 subkey and set it to the new MAC address, which must be 12 consecutive hexadecimal digits. Then, under the Ndi\params subkey of 0000, create a new subkey named NetworkAddress, and add a string value named "Default" to it, again set to the new MAC address.
Next, add a string value named "ParamDesc" under the NetworkAddress subkey; it serves as the description of NetworkAddress, and its value can be "MAC address". Now open the Properties of Network Neighborhood and double-click the relevant network card: under the "Advanced" settings there is a MAC address option, which is the NetworkAddress item you just added to the registry. From now on you can change the MAC address right here.
Close the registry and reboot, and your network card's address has been changed. Open the Properties of Network Neighborhood and double-click the relevant network card entry: the Advanced settings now include a MAC address item that can be used to change the MAC address directly.
Of course, you can also use a software tool to change the network card's MAC address; MAC2001, for example, can do this.
VIII. How to solve the security problems caused by MAC addresses
We can solve this problem by binding the IP address to the MAC address. Open MS-DOS or a command prompt and enter the command arp -s 10.88.56.72 00-10-5c-ad-72-e3 to bind the MAC address and the IP address together. This prevents the IP address from being stolen and leaving you unable to use the network normally, and effectively protects the security of the community network and its users' applications.
Note: the arp command is only useful for the Internet proxy server on the LAN and only for static IP addresses; it will not work for modem dial-up or dynamic IP addresses.
However, simply binding IP and MAC addresses does not completely solve IP theft. Network providers have a responsibility to solve these problems for their users before handing the service over, rather than leaving the security problem to the users. Users should not have to bear needless losses from theft.
For a network provider, the most common and most effective solution is to add port binding on top of IP-MAC binding, that is, three-way IP-MAC-port binding, where the port is the switch port. This requires port management to be done at wiring time. During wiring, each user's wall socket should be matched one to one with a switch port and properly recorded; the MAC address submitted by the user is then entered against the corresponding switch port and bound together with the IP address, giving IP-MAC-port binding. This way, even if someone has the MAC address that corresponds to an IP address, they cannot have the same wall port, so users are isolated at the physical level.
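To show why the port adds something that IP-MAC binding alone lacks, here is an added Python example, not part of the original article: it audits observed (IP, MAC, switch port) tuples against the register made at wiring time. The register format, the port names, and every observation are constructed; only 10.88.56.72 and 00-10-5c-ad-72-e3 come from the command above.

```python
from typing import NamedTuple


class Binding(NamedTuple):
    ip: str
    mac: str
    port: str            # switch port recorded at wiring time (hypothetical names)


def norm(mac: str) -> str:
    return mac.replace("-", ":").upper()


def audit(bindings, observations, check_port=True):
    """Return (ip, mac, port, reason) for every observation that breaks a binding.

    check_port=False models plain IP-MAC binding; True models IP-MAC-port binding.
    """
    by_ip = {b.ip: b for b in bindings}
    findings = []
    for ip, mac, port in observations:
        mac = norm(mac)
        registered = by_ip.get(ip)
        if registered is None:
            reason = "IP not registered"
        elif norm(registered.mac) != mac:
            reason = "IP used with a different MAC"
        elif check_port and registered.port != port:
            reason = "registered IP and MAC seen on wrong port"
        else:
            continue
        findings.append((ip, mac, port, reason))
    return findings


# Constructed register and observations.
REGISTER = [
    Binding("10.88.56.72", "00-10-5c-ad-72-e3", "port-07"),
    Binding("10.88.56.73", "08-00-20-0a-8c-6d", "port-08"),
]
OBSERVED = [
    ("10.88.56.72", "00:10:5C:AD:72:E3", "port-07"),   # matches the register
    ("10.88.56.73", "00:10:5C:AD:72:E4", "port-08"),   # right IP, wrong MAC
    ("10.88.56.72", "00:10:5C:AD:72:E3", "port-12"),   # right IP and MAC, other socket
]

if __name__ == "__main__":
    print("IP-MAC only:")
    for row in audit(REGISTER, OBSERVED, check_port=False):
        print("  ", row)
    print("IP-MAC-port:")
    for row in audit(REGISTER, OBSERVED, check_port=True):
        print("  ", row)
```

With IP-MAC binding alone, the third observation passes unnoticed; only the port check flags it.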
I hope that after this introduction everyone understands MAC addresses a little better. A reminder: put this knowledge to practical use, and do not use it to cause trouble for others!