MAC addresses: a complete guide

Source: Internet
Author: User
If you get on the Internet through a campus or residential network, you have probably heard of the MAC address. What is a MAC address, and what role does it play in such a LAN? This article introduces the basics of MAC addresses, the difference between a MAC address and an IP address, and the security issues that arise when MAC addresses are used in practice.

1. Basic Knowledge

Today's networks are built in layers, like building blocks: a module with a specific function is designed first, and the modules are then combined into the whole network. LANs are no exception. For LANs the IEEE 802 reference model is normally used; from bottom to top its layers are the physical layer, the media access control (MAC) layer and the logical link control (LLC) layer.

There are generally at least three ways to identify a computer on a network. The most common are the domain name, the IP address and the MAC address, which correspond to the application layer, the network layer and the physical (link) layer respectively. Network administration usually works with IP addresses at the network layer. But because a computer's IP address can be set by its user, it is hard to police, whereas the MAC address is burned into the network card and is not meant to be changed by the user; combining the IP address with the MAC address has therefore become a common management method.

2. What is a MAC address?

The MAC address is the address used at the media access control layer. It is also called the physical address, hardware address or link address, and is written into the hardware by the manufacturer of the network device. The MAC address is independent of the network: wherever a piece of hardware with that address (a NIC, switch or router) is attached, it carries the same MAC address, because the vendor stores it in a ROM (EEPROM) on the card. MAC addresses can be either 6 bytes (48 bits) or 2 bytes (16 bits); as LANs have grown, 6-byte MAC addresses are used almost everywhere. The 48 bits have a structure of their own. The first 24 bits identify the vendor and form a block that the network card manufacturer applies for from the IEEE (at the time of writing, an address block costs about 1000 USD); the last 24 bits are allocated by the vendor itself. This scheme gives every 48-bit MAC address network card in the world a unique identifier. 16-bit MAC addresses, by contrast, are assigned locally and do not have to be requested from the IEEE by the NIC vendor.

A MAC address is usually written as 12 hexadecimal digits, grouped in pairs separated by colons, for example 08:00:20:0a:8c:6d. The first six hex digits, 08:00:20, are the number of the network hardware manufacturer, assigned by the IEEE; the last six hex digits, 0a:8c:6d, are the serial number of a particular product (such as a NIC) made by that manufacturer. Each manufacturer must ensure that every Ethernet device it builds uses its own first three bytes together with a last three bytes that it never reuses, so that every Ethernet device in the world has a unique MAC address.
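
The field layout just described, as an added Python example that is not part of the original article: it normalizes a MAC address written with colons, hyphens (the form Windows tools print) or dots, splits it into the IEEE-assigned vendor block and the vendor-assigned part, and also reports the two flag bits of the first byte, the I/G (multicast) bit and the U/L (locally administered) bit, which a burned-in vendor address leaves clear. The function names and the addresses fed to it are assumptions constructed for the example.

```python
"""Decode the structure of a 48-bit MAC address.

Added example, not code from the original article; the addresses passed to
it below are constructed sample inputs.
"""
import re

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(text: str) -> str:
    """Accept 08:00:20:0a:8c:6D, 08-00-20-0A-8C-6D (Windows style) or
    0800.200a.8c6d and return the canonical colon-separated lower-case form.
    Raises ValueError unless exactly 12 hex digits are present."""
    digits = re.sub(r"[:\-.\s]", "", text).lower()
    if not _HEX12.match(digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def decode_mac(text: str) -> dict:
    """Split a MAC address into its vendor block, the vendor-assigned part
    and the two flag bits carried in the first byte."""
    mac = normalize_mac(text)
    first_byte = int(mac[:2], 16)
    return {
        "mac": mac,
        "oui": mac[:8],            # first 24 bits: block assigned to the vendor by the IEEE
        "vendor_part": mac[9:],    # last 24 bits: serial number assigned by the vendor
        "multicast": bool(first_byte & 0x01),             # I/G bit: group address
        "locally_administered": bool(first_byte & 0x02),  # U/L bit: not a burned-in address
        "broadcast": mac == "ff:ff:ff:ff:ff:ff",
    }


if __name__ == "__main__":
    # Constructed sample inputs: the article's example, a Windows-style
    # address, an IPv4 multicast MAC and a locally administered one.
    for sample in ("08:00:20:0a:8c:6D", "00-10-5c-ad-72-e3",
                   "01:00:5e:00:00:16", "02:00:00:00:00:01"):
        print(decode_mac(sample))
```

A spoofed address set through the driver (see the section on modifying the MAC address) is often written with the U/L bit set, which is one quick thing to look for in an ARP table.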

3. Differences between IP addresses and MAC addresses

The IP address is a logical address: it is flexible, not tied to the hardware, and easy to remember. The MAC address, to a fair degree, is tied to a physical piece of hardware and identifies it. Each kind of address has its own advantages, and each is used where it fits.

4. Why use the MAC address?

This is dictated by how networks are built. The popular way of getting on the Internet today (and the direction for the future) is to organize hosts into a LAN and connect that LAN to the Internet through a switch. This raises the problem of how to tell users apart and prevent theft of service. Because the IP address is only a logical identifier that anyone can change at will, it cannot be used to identify a user. The MAC address is different: it is burned into the NIC, so in theory nobody can impersonate the hardware (the network card) unless they steal it. (Note: in practice it can be spoofed too, as described later.)

So the LAN identifies a specific user by MAC address. The concrete implementation: in the switch, IP addresses and MAC addresses are mapped one to one through a table, i.e. the IP address and the MAC address are bound to each other.

The communication then works like this: when a packet is sent to a host on the local LAN, the switch receives it, looks up the destination IP address in the table to find the mapped MAC address, and forwards the packet to the host with that MAC address. Even if another host steals the IP address, it does not have the matching MAC address and therefore never receives the packet. Sending works the same way in reverse.

In short, a host with only the IP address and no matching MAC address cannot get on the Internet through this LAN, which solves the problem of IP address theft.

5. How to obtain your MAC address

The MAC address is stored in the NIC's ROM and can be read with a command-line tool. On Windows 9x use winipcfg; on Windows 2000/XP run ipconfig /all. The 12 hexadecimal digits shown as the physical address are the MAC address.

6. Security Issues Related to MAC addresses

From the above it is clear that this identification scheme rests entirely on the MAC address. If someone can change their MAC address, they can take over an IP address and use the Internet for free; this is the idea behind current attempts to get free access on residential broadband networks that identify users by MAC address. To steal someone else's IP address you need, besides the IP address, the matching MAC address. To obtain the MAC address of a host on the LAN, ping it: run ping target. This leaves an entry for the target's IP-to-MAC mapping in the ARP cache of your own host, which you can then read with arp -a, giving you the MAC address of that host. Finally, arp -s IP MAC adds a static entry that maps the gateway's IP address to its MAC address.

To collect MAC addresses in other subnets you can use tool software. The tool in Windows Optimization Master works well: choose System Performance Optimization > System Security Optimization > Additional Tools > Cluster Ping to scan MAC addresses in batches and save them to a file.

Background: ARP, the Address Resolution Protocol, is the protocol that converts an IP address into a physical address. There are two ways to map IP addresses to physical addresses: table-driven and non-table (computed). ARP resolves a network-layer address (the IP layer, layer 3 of the OSI model) into a data link-layer address (the MAC layer, layer 2 of OSI); in other words, ARP uses an IP address to obtain a MAC address.

How ARP works: when host A wants to send a packet to host B, it first looks in its local ARP cache for the MAC address corresponding to B's IP address and, if it finds one, transmits the data. If not, it broadcasts an ARP request carrying its own IP address IA and physical address PA and asking the host with IP address IB to reply with its physical address PB. Every host on the LAN, including B, receives the request, but only B recognizes its own IP address, so only B sends an ARP reply back to A containing B's MAC address. On receiving the reply, A updates its local ARP cache and then sends the data using that MAC address (the NIC puts the MAC address into the frame header). The local ARP cache is therefore the basis for traffic on the local network, and it is dynamic. ARP table: to speed up communication, the frequently used MAC-to-IP conversions do not depend on the switch; each machine keeps its own table of frequently used host IP-to-MAC mappings, the ARP table.
   
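The request/reply exchange above, as an added Python example that is not code from the original article: it encodes and decodes ARP-over-Ethernet frames with the standard 28-byte ARP layout and replays the exchange between hosts A, B and a bystander C. The hosts, their addresses and the toy LAN (a Python list standing in for the broadcast medium) are assumptions constructed for the example.

```python
"""Encode/decode ARP-over-Ethernet frames and replay the request/reply exchange.

Added example, not from the original article. Hosts and addresses are
constructed sample data; the list passed to resolve() stands in for the LAN.
"""
import struct
from ipaddress import IPv4Address
from typing import Optional

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
ARP_PKT = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = b"\xff" * 6
ZERO_MAC = b"\x00" * 6


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", "").replace("-", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(op: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Return an Ethernet frame carrying one ARP packet (RFC 826 layout)."""
    target_hw = ZERO_MAC if op == ARP_REQUEST else mac_bytes(tha)
    eth_dst = BROADCAST if op == ARP_REQUEST else target_hw   # requests are broadcast
    arp = ARP_PKT.pack(1, 0x0800, 6, 4, op,                   # Ethernet, IPv4, 6-byte hw, 4-byte proto
                       mac_bytes(sha), IPv4Address(spa).packed,
                       target_hw, IPv4Address(tpa).packed)
    return ETH_HDR.pack(eth_dst, mac_bytes(sha), ETHERTYPE_ARP) + arp


def parse_arp(frame: bytes) -> dict:
    """Decode an ARP frame into its fields; rejects non-ARP or non-IPv4/Ethernet."""
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame)
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_PKT.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not ARP for IPv4 over Ethernet")
    return {"op": op, "sha": mac_str(sha), "spa": str(IPv4Address(spa)),
            "tha": mac_str(tha), "tpa": str(IPv4Address(tpa))}


class Host:
    """A LAN host with its own dynamic ARP cache (ip -> mac)."""

    def __init__(self, ip: str, mac: str):
        self.ip, self.mac = ip, mac
        self.arp_cache: dict = {}

    def receive(self, frame: bytes) -> Optional[bytes]:
        """Process one ARP frame; return the reply frame to send, if any."""
        pkt = parse_arp(frame)
        if pkt["tpa"] != self.ip:
            return None                 # every host saw the broadcast, only the owner answers
        if pkt["op"] == ARP_REQUEST:
            self.arp_cache[pkt["spa"]] = pkt["sha"]   # learn the asker's mapping too
            return build_arp(ARP_REPLY, self.mac, self.ip, pkt["sha"], pkt["spa"])
        if pkt["op"] == ARP_REPLY:
            # Any reply addressed to us updates the cache; nothing checks that we
            # asked, or that the sender really owns spa. That gap is what ARP
            # spoofing exploits and why static (arp -s) entries exist.
            self.arp_cache[pkt["spa"]] = pkt["sha"]
        return None


def resolve(a: Host, target_ip: str, lan: list) -> Optional[str]:
    """Host a resolves target_ip: cache first, otherwise broadcast a request."""
    if target_ip in a.arp_cache:
        return a.arp_cache[target_ip]
    request = build_arp(ARP_REQUEST, a.mac, a.ip, "00:00:00:00:00:00", target_ip)
    for host in lan:                    # the broadcast reaches every host on the segment
        if host is a:
            continue
        reply = host.receive(request)
        if reply is not None:
            a.receive(reply)            # unicast reply back to a
    return a.arp_cache.get(target_ip)


if __name__ == "__main__":
    # Constructed LAN: A asks for B's address while C listens.
    a = Host("10.88.56.10", "08:00:20:0a:8c:6d")
    b = Host("10.88.56.72", "00:10:5c:ad:72:e3")
    c = Host("10.88.56.99", "00:10:5c:00:00:01")
    print("B is at", resolve(a, b.ip, [a, b, c]))
    print("A's ARP table:", a.arp_cache, " C's ARP table:", c.arp_cache)
```

Note that C, which saw the broadcast but does not own the requested address, neither answers nor records anything, while B records A's mapping as a side effect of answering.
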
7. How to modify your MAC address

The MAC address is fixed in the NIC and is unique, so is there any way to change it? There is. We do not need to modify the contents of the EPROM: the driver reads the address from the card at startup and keeps its own copy, and the address can be changed by modifying that stored copy. In Windows, for example, this is done through the registry.

Click Start > Run, type regedit.exe to open the Registry Editor, and expand the tree to the subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{class GUID of the network adapters}. Below it are subkeys 0000, 0001, 0002, ..., one per adapter, holding the information about your NIC; the DriverDesc value is the descriptive name of the adapter (for example, mine is "Intel 21041 based Ethernet controller"). Assume your network card is under subkey 0000.

Under the 0000 subkey add a string value named NetworkAddress whose data is the new MAC address, written as 12 consecutive hexadecimal digits with no separators. Then, under NDI\Params beneath the 0000 subkey, create a new subkey named NetworkAddress and add a string value named default under it, again with the new MAC address as its data.

Under the NetworkAddress subkey also create a string value named ParamDesc; it supplies the description shown for NetworkAddress and can be set to "MAC Address". Close the Registry Editor and restart. Your NIC's address has now changed, and when you open the properties of Network Neighborhood and double-click the corresponding NIC, the Advanced tab contains a MAC Address option, the NetworkAddress parameter you added to the registry, where the MAC address can from now on be changed directly.

Of course, tool software can also change the NIC's MAC address; MAC2001, for example, does the job.

8. How to solve the security problems caused by MAC addresses

We can bind the IP address to the MAC address to deal with this. In MS-DOS mode or at the command prompt, enter arp -s 10.88.56.72 00-10-5c-ad-72-e3; this ties the MAC address and the IP address together, so that even if the IP address is stolen the thief cannot use the network normally. This is an effective way to protect the residential network and its users.

Note: the arp command only helps on a LAN (for example behind a proxy server) with static IP addresses. It does nothing for dial-up modem connections or dynamically assigned IP addresses.
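
A check of the binding in practice, as an added Python example that is not part of the original article: it parses the output of arp -a (constructed here in the Windows format, with hyphens, as in the command above; Linux-style lines parse as well), compares the live entries with an administrator's IP-to-MAC binding list, and flags a registered IP answered by the wrong MAC as well as one MAC appearing behind several IPs. The binding list, the sample output and the function names are all assumptions for the example.

```python
"""Audit a host's ARP table against an administrator's IP-to-MAC binding list.

Added example, not from the original article. BINDINGS and SAMPLE_ARP_OUTPUT
are constructed sample data.
"""
import re
from collections import defaultdict

# Constructed binding list, as a network administrator would keep it
# (IP address -> MAC address the user registered).
BINDINGS = {
    "10.88.56.1": "00-1a-2b-3c-4d-5e",    # gateway
    "10.88.56.72": "00-10-5c-ad-72-e3",
    "10.88.56.80": "00-10-5c-11-22-33",
}

# Constructed `arp -a` output in the Windows format. Two things are wrong in it:
# 10.88.56.72 is answered by a MAC other than the registered one, and one MAC
# sits behind both 10.88.56.80 and 10.88.56.81.
SAMPLE_ARP_OUTPUT = """\
Interface: 10.88.56.10 --- 0x3
  Internet Address      Physical Address      Type
  10.88.56.1            00-1a-2b-3c-4d-5e     dynamic
  10.88.56.72           00-10-5c-00-00-99     dynamic
  10.88.56.80           00-10-5c-11-22-33     dynamic
  10.88.56.81           00-10-5c-11-22-33     dynamic
  10.88.56.255          ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# An IPv4 address followed, after non-digits, by a colon- or hyphen-separated MAC.
_ENTRY = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\D+?((?:[0-9a-fA-F]{2}[:-]){5}[0-9a-fA-F]{2})")


def norm(mac: str) -> str:
    """Windows prints hyphens, Linux colons; compare in one canonical form."""
    return mac.lower().replace("-", ":")


def parse_arp_table(text: str) -> dict:
    """Return {ip: mac} for unicast entries. Broadcast/multicast rows (I/G bit
    set in the first byte) are not host mappings and are skipped."""
    table = {}
    for line in text.splitlines():
        m = _ENTRY.search(line)
        if not m:
            continue                         # header, interface line, blank
        ip, mac = m.group(1), norm(m.group(2))
        if int(mac[:2], 16) & 0x01:
            continue
        table[ip] = mac
    return table


def audit(bindings: dict, arp_output: str) -> list:
    """Return sorted findings as (kind, ip_or_ips, mac) tuples."""
    seen = parse_arp_table(arp_output)
    bound = {ip: norm(mac) for ip, mac in bindings.items()}
    findings = []
    for ip, mac in seen.items():
        if ip in bound and bound[ip] != mac:
            # A registered IP answered by other hardware: the IP was taken over,
            # or the user swapped NICs without re-registering.
            findings.append(("binding_mismatch", ip, mac))
    by_mac = defaultdict(list)
    for ip, mac in seen.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            # One MAC behind several IPs: a cloned address or a host that
            # helped itself to an extra IP.
            findings.append(("duplicate_mac", ",".join(sorted(ips)), mac))
    return sorted(findings)


def static_arp_commands(bindings: dict) -> list:
    """The `arp -s` lines that pin the registered mappings in the local cache."""
    return [f"arp -s {ip} {mac}" for ip, mac in sorted(bindings.items())]


if __name__ == "__main__":
    for finding in audit(BINDINGS, SAMPLE_ARP_OUTPUT):
        print(*finding)
    print("\n".join(static_arp_commands(BINDINGS)))
```

On a real host the text would come from running arp -a (e.g. via subprocess) instead of the constructed string; the audit logic stays the same.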

However, simply binding IP addresses to MAC addresses does not completely solve IP address theft. The network provider has a responsibility to settle these issues before handing the network over to its users, rather than leaving security to them; users should not have to bear the consequences of avoidable theft.

For the network provider, the most common and most effective solution is to add the port to the IP-MAC binding, i.e. to bind all three of IP, MAC and port together (the port being the port on the switch). This requires port management during cabling: the wall socket in each user's room must correspond one to one to a switch port and be recorded at cabling time. The MAC address the user hands in is then entered against the corresponding switch port and bound together with the IP address, giving the three-way IP-MAC-PORT binding. Now even if an attacker has the MAC address that goes with an IP address, they cannot be on the same wall port, so they are cut off from the physical path.

That was a short tour of MAC addresses. Remember to put what you have learned to good use and never use it against other people!
