Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Tufts Tells Judge, We Can't Tie IP To MAC Addresses

kdawson posted more than 5 years ago | from the we're-cooperatin'-here dept.

The Courts 419

NewYorkCountryLawyer writes "Protesting that Tufts University's DHCP-based systems 'were not designed to facilitate forensic examinations,' but rather to ensure 'smooth operations and to manage capacity issues,' the IT Office at Tufts University has responded to the subpoena in an RIAA case, Zomba v. Does 1-11, by submitting a report to the judge (PDF) explaining why it cannot cross-match IP addresses and MAC addresses, or identify users accurately. The IT office explained that the system identifies machines, not users; that some MAC addresses have multiple users; that only the Address Resolution Protocol system has even the potential to match IP addresses with MAC addresses, but that system could not do so accurately. For reasons which are unclear, the IT department then suggested that the RIAA next time send them 'notices to preserve information,' in response to which they would preserve, rather than overwrite, the DHCP data, for the RIAA's forensic benefit."

cancel ×

419 comments

First post! (-1, Troll)

Anonymous Coward | more than 5 years ago | (#24493499)

First Post!

Re:First post! (-1, Troll)

Anonymous Coward | more than 5 years ago | (#24493623)

First post complaining about the first post not being a troll, but rather simply off topic, over rated or something similar.

FUCKING MODS ARE FUCKING STUPID! BRAINLESS MORONS!

MOD ME DOWN! WASTE YOUR FUCKING MOD POINTS! RAR!

Re:First post! (-1, Troll)

Anonymous Coward | more than 5 years ago | (#24493725)

HEY MODS! WANT MY DILDO?

'Cause you are obviously uptight about something...

No need to mod as troll when you can mod overrated. It still gets modded down and might not affect your karma so much if I get the post in metamod...

FUCK YOU!

Re:First post! (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#24493895)

What a waste of mod points. Honestly mods, if you mod this down, that will be four negative mod points.

Then, the reply to this one will make it five, and bam, someone might have just used *all* their mod points.

Suckers.

Re:First post! (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#24494003)

Off topic it isn't. Off topic should only be used when a reply isn't related to the parent post. So mods, get your act together.

This post is related to the parent post. Not least because if it is moded down it will be the fifth in a row. What a waste of mod points. Suckers!

Re:First post! (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#24494143)

Your post is -1 redundant. I am posting this as an ac so I can use my mod points to mod myself -1 overated.

Hahahah...Doh !

hehe (4, Funny)

Hougaard (163563) | more than 5 years ago | (#24493513)

Next hot network thing: RIAA approved DHCP ;)

Re:hehe (1)

Deus.1.01 (946808) | more than 5 years ago | (#24493539)

Oh, god. I'm not looking forward for the new update on the DMCA.

Re:hehe (5, Insightful)

drspliff (652992) | more than 5 years ago | (#24493549)

How long until it makes law?

We were recently required to explicitly keep something like 6 months worth of call data records (although we keep many years worth already due to customer requirements) so that wasn't such an issue.

However, if ISPs (and universities or other large organisations) were suddenly required to keep track of all IP allocations for 6 months or more it'd cost a bucket load to implement.

You don't have a loghost? (1)

Colin Smith (2679) | more than 5 years ago | (#24493627)

I thought that was pretty much standard practice these days.

Anyway, it's trivial to do.

 

Re:You don't have a loghost? (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#24494233)

stfu!

Re:You don't have a loghost? (4, Informative)

the4thdimension (1151939) | more than 5 years ago | (#24494287)

Still impossible to tie it to a MAC address with any certainty that that MAC address corresponds to the same person now as it did then. For instance, say CompOnwer 1 owns Comp A with MAC 1 uploads a bunch of crap on kazaa. RIAA gets to requesting the info but lags. In the mean time, Comp A is sold to another person on the same campus, becoming CompOwner 2 owning Comp A with MAC 1. The way DHCP works, they are likely to end up with the same IP and same MAC address but its a totally different person.

Re:You don't have a loghost? (5, Insightful)

sgbett (739519) | more than 5 years ago | (#24494397)

And, of course, nobody has *ever* spoofed a MAC Address ....

Also (1)

p3d0 (42270) | more than 5 years ago | (#24494409)

Can't MAC addresses be spoofed?

Re:Also (2, Interesting)

the4thdimension (1151939) | more than 5 years ago | (#24494433)

This only compounds the fact that a loghost doesn't really help whether you have it or not.

Re:hehe (5, Funny)

Sophia Ricci (1337419) | more than 5 years ago | (#24493775)

Nobody is addressing real problem. Students are facing hard time downloading music.

The universities should provide a server within campus to download music. Problem solved.

Re:hehe (4, Funny)

tristian_was_here (865394) | more than 5 years ago | (#24493901)

We should address the real issue here and provide porn to all students!

Re:hehe (5, Funny)

Paolone (939023) | more than 5 years ago | (#24493939)

We should address the real issue here and provide sex to all students!

Corrected for you.

Re:hehe (4, Insightful)

szo (7842) | more than 5 years ago | (#24493967)

Right, aim high!

Re:hehe (4, Funny)

Gerzel (240421) | more than 5 years ago | (#24494121)

No I think he's aiming a bit lower.

Re:hehe (0)

Anonymous Coward | more than 5 years ago | (#24494219)

Right, you're high!

Fixed.

Re:hehe (0)

Anonymous Coward | more than 5 years ago | (#24493965)

How about beer instead?

RIAA solution to piracy: Get the feds to let the states lower the drinking age.

Re:hehe (4, Funny)

Gerzel (240421) | more than 5 years ago | (#24494111)

I think you have it backwards. I think it is largely the students that provide porn to us.

Re:hehe (1)

smitty_one_each (243267) | more than 5 years ago | (#24493933)

Better still, we should have the Fed pay for the server. And pay subsidies to the RIAA. This satisfies both the students and the lawyers. What's not to like?

Re:hehe (1)

Gerzel (240421) | more than 5 years ago | (#24494129)

The Fed can negotiate with the RIAA the students can't therefore the RIAA will demand to deal directly with the students and their parents.

This is a shake down and it is difficult to shake down city hall/capitol hill as they blow the competition out of the water.

Re:hehe (1)

erotic_pie (796522) | more than 5 years ago | (#24493971)

didn't napster try that already?

Re:hehe (4, Insightful)

NewYorkCountryLawyer (912032) | more than 5 years ago | (#24494011)

Next hot network thing: RIAA approved DHCP ;)

Scary, isn't it?

That's one smug grin i would love to see. (4, Insightful)

Deus.1.01 (946808) | more than 5 years ago | (#24493521)

I'm sure the ICT department were real sorry they couldnt facilitate RIAA's demands.

Re:That's one smug grin i would love to see. (0)

OeLeWaPpErKe (412765) | more than 5 years ago | (#24494355)

Yeah indeed. That reads like a list of excuses too idiotic to be reasonably believed.

A dhcp server can't match ip to mac ? Oh sure why not ... if I were the RIAA's lawyer I'd say "then I'm sure you won't mind if I take a look at those logfiles, now will you ?". And then accept their apology in trade for a promise not to persecute this guy personally for lying in court (2 years).

"Only ARP is possible" riiiiiiiiiiiiiight ... and that would have nothing to do with arp being impossible after the computer is disconnected, in other words, it'd be worthless for the RIAA.

They're attempting to bullshit a judge. I'm ambivalent about this. This really shouldn't work and should get that "expert wittness" prosecuted for fraud. On the other hand, I like what he's doing ...

But this is bullshit. Since it's presented as the truth to a judge, it really should get someone in trouble.

And the judge understood it? (4, Interesting)

Bazman (4849) | more than 5 years ago | (#24493547)

I suppose in the US you have judges with clue. In the UK it's fuddy duddy old men in wigs who go "What is this 'internet'?".

http://www.theinquirer.net/en/inquirer/news/2007/05/17/judge-has-beatles-moment-over-internet [theinquirer.net]

or maybe he didnt:

http://www.theinquirer.net/en/inquirer/news/2007/05/18/judge-didnt-have-beatles-moment-after-all [theinquirer.net]

Apparently the original story of the judge saying 'Who are the Beatles?' might be a myth anyway...

Re:And the judge understood it? (4, Informative)

Opportunist (166417) | more than 5 years ago | (#24493595)

What makes you think judges know anything about technology?

That's not a requirement for them. Here, we have sworn in experts for almost every field in existance, from agriculture to zoology. And of course electronics, electrotechnics and yes, even IT. And with the IT field expanding, they're broadening the board of experts in that field.

If a judge doesn't know jack about something, he calls an expert and has him explain what's cooking. What does this or that mean, how does this or that work, is this claim credible, everything. These experts are required by law to give a verifyable and cross examined report about their findings and expertise, and usually (not always) their claims stands unchallenged by either side, because they usually are actually right.

Of course either side may bring their own experts to the table and discuss it out with the court's expert. And yes, it makes sense to bring your own expert, especially if you're the defendent, since all you have to do is punch holes into the court's expertise. All your expert has to do is create "credible doubt". But, as said before, the experts there are far from dumb (or they don't retain that status, together with the rather good payment, for long), so punching holes into his expertise is already nontrivial.

That whole ordeal is expensive, of course, and usually only warranted if the value of the claim exceeds trivial amounts. Maybe that's the reason why the RIAA (or its sister organisation here) didn't try a multi million charge yet so far. I have good faith that the court's experts alone blow them and their "proof" out of the courtroom before the session even starts.

Re:And the judge understood it? (1)

bhima (46039) | more than 5 years ago | (#24493957)

"Here" where? In the US? I had no idea they did that. I've been in court a few times and never saw anything like that, even though I thought it was needed.

Re:And the judge understood it? (4, Informative)

squizzar (1031726) | more than 5 years ago | (#24493997)

I don't know about the US, but in the UK an expert witness must give completely impartial testimony, or face being held in contempt. Whilst a company may hire an expert witness to investigate a case, once they are sworn in they must answer all questions in a completely honest manner, even if it is detrimental to their employers case. We had a lecture at uni from a guy who worked as an investigative engineering consultant (or something like that). He said he'd quite often inform companies that hired him that maybe they shouldn't take a case to court as he would be obliged to give honest and impartial testimony, and that may not be a good thing for them.

Re:And the judge understood it? (-1, Troll)

jabuzz (182671) | more than 5 years ago | (#24494187)

Hum, not if your name is Sir Roy Meadow you don't. You just get to make up junk statistics out of your head with no evidence what so ever to justify them, or any formal qualifications in statistics.

As a result of your grossly negligent and misleading expert witness to the court innocent parents end up serving jail time for the deaths of their children.

Come back to you none whatsoever, despite the fact you are an evil shit who has ruined lives on your pet theories that are little more than junk science and deserve to spend the rest of your life in jail.

Get back to me when "expert" witnesses are punished for giving false ans misleading evidence.

Re:And the judge understood it? (2, Insightful)

Opportunist (166417) | more than 5 years ago | (#24494201)

Generally that's true, of course. Still, a court expert may bring up facts that the opposing side (of a expert brought in by one side) wouldn't think of. The court experts are required to offer all information they consider important to a case, unasked.

Generally it is frowned upon when they can't at least credibly try to offer information benefitial for both sides, the very last thing one of those "impartial experts" wants is to be accused of offering biased testimonies, something that happens easily when the testimony appears biased. Since their testimonies have a lot of influence on a verdict (the judge basically has to trust this expertise and often simply tack it to the verdict), if a side gets disadvantaged by it their most likely attempt at a defense is to bring in an expert of their own and have him come up with scenarios that are beneficial for their side that were left out by the court's expert and argue that he is biased. It is often the only defense you have against it.

Now, the very last thing such a court expert wants is an accusation of a biased expertise. It can easily cost him his position, and since it's very easy money for them, bribery is usually quite useless. People who are even considered for such a position usually do it less for the money, since they are such luminaries in their field that they usually already have earned more than they can spend in a lifetime. The goodwill loss for being labeled a biased court expert is most of the time a bigger fear for them than any money can wipe.

No they don't (2, Insightful)

tjstork (137384) | more than 5 years ago | (#24494377)

Lawyers as a whole, and judges in particular, think that they can "cut to the chase" of a problem and dig into the details of any field by analyzing every activity with respect to the law. So they never grasp the technology per se as much as they extract talking points with which to argue their side. Judges just tend to go with whoever makes the better argument. Expert witnesses and consultants are brought in to boost the credibility of the lawyers and their talking points, not, to help aid in any real understanding.

Re:And the judge understood it? (5, Insightful)

meringuoid (568297) | more than 5 years ago | (#24493731)

I suppose in the US you have judges with clue. In the UK it's fuddy duddy old men in wigs who go "What is this 'internet'?"

You mean judges who know meaningless jargon when they hear it, and want all terms of reference used in their courtroom to be clearly defined.

What, exactly, legally speaking, is a 'website'? Where does one 'website' end and another begin? How does a 'site' differ from a 'page', if at all? Is a 'forum' part of a 'website', or only attached to it? Is there, as the media often says, a 'file sharing website' called 'BitTorrent' on which pirates trade music? What exactly is this 'Web' thing anyway, and how is it distinct from the 'Internet', if at all?

A lot of terms bandied about in common parlance regarding Internet services are very vague, and I'm glad to hear of judges demanding that they be defined clearly and unambiguously when in court.

Re:And the judge understood it? (1)

Viol8 (599362) | more than 5 years ago | (#24494249)

You could say that about many things in life. eg: How do you define a car? Is an SUV a car? What about a pickup - they're more or less the same size? Is a pickup really a truck? What is a truck anyway? Whats the difference between a house and a mansion? etc etc etc.

Very few things outside mathematics or physics have an absolute carved in stone definition. This is either because theres a whole spectrum of similar things with no clear demarcation anywhere , or , simply because of limitations of human language. Law courts must take this into account and this applies when talking about the internet.

Re:And the judge understood it? (1)

marcosdumay (620877) | more than 5 years ago | (#24494359)

Maybe that is why laws define the meaning of 'car' and 'residence'.

Re:And the judge understood it? (1)

Threni (635302) | more than 5 years ago | (#24494279)

> You mean judges who know meaningless jargon when they hear it, and want all terms of reference used in their courtroom to be clearly defined.

Exactly. It's always amusing when people who know nothing about the process of law criticize judges. The most famous example is perhaps "who are the Beatles" - as if Judges are somehow able to distinguish a pop group who'll be famous for decades after they split up from the thousands of crap, me-too disposable bands who had a one-hit wonder and then vanished into well-deserved obscurity.

Re:And the judge understood it? (1)

Elky Elk (1179921) | more than 5 years ago | (#24494063)

or maybe they want things legally defined for the jury?

First thing on that To Do List... (0)

Anonymous Coward | more than 5 years ago | (#24493559)

At the university...

Put every computer behind multiple routers and hubs.

Good luck getting through the mess of routes and MAC addresses on each.

Re:First thing on that To Do List... (1)

iminplaya (723125) | more than 5 years ago | (#24493593)

Heh, That could be construed as "obstruction" in their eyes.

Remember, kids... (5, Insightful)

Anonymous Coward | more than 5 years ago | (#24493575)

Remember kids: Just because an IP address doesn't necessarily identify a person doesn't mean that copyright infringement is OK.

Re:Remember, kids... (1, Insightful)

Anonymous Coward | more than 5 years ago | (#24494229)

Doesn't mean it's not OK either. It's an orthogonal argument.

Re:Remember, kids... (0)

Anonymous Coward | more than 5 years ago | (#24494275)

Yes, there are plenty of other reasons that justify copyright infringement instead. Choose one of them.

What, me change MAC address? I wouldn't do that... (4, Informative)

apathy maybe (922212) | more than 5 years ago | (#24493607)

Actually, I would and have done that.

Say you are in a situation where you can't connect your laptop to a network, but you can find the MAC address for a computer that is connected to that same network.

1) Disconnect the computer that is connected;
2) Change your laptop MAC (I assume you are all using some variant of GNU/Linux, but whichever, you can find information http://www.irongeek.com/i.php?page=security/changemac [irongeek.com] which will get you started, there is also a tool available for Ubuntu (and I guess other *nix) which can randomise your MAC, choice a MAC based on a specific company etc.)
3) Connect your laptop to the network in place of the other computer.

Did I mention profit? I never did, but all I wanted to do was not be forced to use Windows and MSIE. (Of course, disconnect your laptop before reconnecting the other computer, having two machines with the same MAC could cause problems.)

So, even if you have a case of having to register your MAC before connecting to the network (which is the case in many places), because it is so easy to spoof MAC's, I don't think that you can even reliably connect MAC addresses to a computer (at least in the cases where geeks are around), let alone an IP address to a computer.

Basically, the only way that one should be trying to identify individuals is by using username/password, and even that is potentially problematic. (At my old Uni, to connect to the Wireless network you had to use your network login/password, it then didn't matter which computer you were using. Though in that case, I think the software only worked for MS Windows, the Mac and *nix software for the protocol wasn't up to scratch.)

Re:What, me change MAC address? I wouldn't do that (3, Interesting)

Carthag (643047) | more than 5 years ago | (#24493689)

At the dorm I used to live we had to authenticate our computers in order to gain access to the network, this was done via username/password combos. There were several that multiple people knew (mostly to get around bandwidth limits - you'd just jump on another account if you exceeded your quota).

It registered the MAC address at this point, but I doubt they were actually saved, as the quota was obviously tied to the user account and not the MAC.

Re:What, me change MAC address? I wouldn't do that (5, Insightful)

huge (52607) | more than 5 years ago | (#24493697)

People should understand that MAC address is no more permanent than IP address is.

Unfortunately they don't.

Re:What, me change MAC address? I wouldn't do that (4, Insightful)

Stellian (673475) | more than 5 years ago | (#24494033)

Yes but the proof RIAA would bring to the court is not just the IP/MAC address combination. That's just a pretext to grab a random student who's IP happens to match, seize his computer and find thousands of MP3 files in the shared folders of a P2P application. That would then constitute the actual evidence they need.

Re:What, me change MAC address? I wouldn't do that (2, Insightful)

huge (52607) | more than 5 years ago | (#24494413)

Yes but the proof RIAA would bring to the court is not just the IP/MAC address combination. That's just a pretext to grab a random student who's IP happens to match, seize his computer and find thousands of MP3 files in the shared folders of a P2P application.

That's exactly the point. It has been established that the IP address on its own is not enough as it can not be tied to single user/pc. That's the reason why they try to use IP/MAC pair to single out the computer they want to confiscate.

IP/MAC is just as reliable as IP address on its own.

Re:What, me change MAC address? I wouldn't do that (5, Funny)

Ratbert42 (452340) | more than 5 years ago | (#24494199)

One of the IS guys at work came by, checked the number on my ethernet port, then asked if I was the f*cker that changed my MAC address to DE:AD:BE:EF:CA:FE. Yes I was. B00B1E5.

Re:What, me change MAC address? I wouldn't do that (-1, Troll)

Anonymous Coward | more than 5 years ago | (#24494253)

Small world. I was that IS guy. After I finished up, I went to the bathroom and thought about you as I jacked off and played with my asshole. Do you want to get together sometime?

Re:What, me change MAC address? I wouldn't do that (2, Informative)

yakumo.unr (833476) | more than 5 years ago | (#24493707)

On windows, most wired NIC drivers will let you set the "Locally Administered Address" which is your MAC address in the devices advanced properties.

Re:What, me change MAC address? I wouldn't do that (3, Interesting)

Anonymous Coward | more than 5 years ago | (#24493715)

And with Wifi, it's even easier (useful for these Kiosk-type nets wthat present you with a login page on first access):

  • tcpdump traffic for a while
  • chose a low-activity mac and matching IP
  • configure victim's mac and IP on your card.
  • no need to even disconnect or remove victim's computer
  • surf ahead!

Well, occasionally you (or the victim) might get one or the other dropped connection, but in practice, this is extremely rare.

Re:What, me change MAC address? I wouldn't do that (4, Informative)

JustKidding (591117) | more than 5 years ago | (#24493717)

This is almost exactly what I was thinking: aside from the difficulties and uncertainties of matching an IP to a MAC at any given time in the past, with NAT and everything adding a lot of ambiguity to whole mess, it's simply not possible to match a MAC address to any given NIC, much less to a user of the computing containing this NIC, let alone establish knowledge or intent of the alleged infringement.

MAC forgery for dummies:
1) start packet sniffer
2) start ping probe of network segment, record ARP replies
3) when you want to forge a MAC address, probe the network segment again
4) use MAC from any host that is not responding, but that you did record the MAC address for previously
5) enter MAC in advanced setting for the network card (in windows, all dummies use windows).

The only thing I can think of to prevent this, is tying the MAC address to the physical port on the router. This is, of course, not possible with a wireless network.

username/password systems won't work reliably either, passwords can be sniffed, keylogged, or brute-forced.

Re:What, me change MAC address? I wouldn't do that (5, Informative)

apathy maybe (922212) | more than 5 years ago | (#24493809)

Username/password is still better then MAC or IP. Yes there are problems, but as I outline below...

Encryption much? Prevents password sniffing. The protocol that my old Uni used was, I think, something based on http://en.wikipedia.org/wiki/Extensible_Authentication_Protocol [wikipedia.org] EAP. No more sharing a single password amongst everyone.

My own computer much? Prevents keylogging. (Not to mention, software keylogging is prevented on lab machines by locking them down and drawing the image down the network when you login. So even if you install keylogging software, if it works at all, it would only work for your login. Hardware keyloggers are expensive/hard to get.)

Brute-forced... Joking much? The password file is stored at the other end of the network, you can't just grab it. And good luck tapping in different passwords by hand, with an enforced three second delay.

Re:What, me change MAC address? I wouldn't do that (2, Insightful)

base3 (539820) | more than 5 years ago | (#24493977)

Hardware keyloggers are expensive/hard to get.

While I've never bought one, they seem to be readily [keyghost.com] available [keydevil.com] although buying one untraceably would be a bit more difficult (but not impossible) which would be a necessary step to avoid having the keylogger found and an investigator simply asking (perhaps under subpoena) the selling company for the purchase information for that (probably serialized) keylogger.

Re:What, me change MAC address? I wouldn't do that (1)

JustKidding (591117) | more than 5 years ago | (#24494185)

Aside from the hardware keyloggers, which would take ayd remotely competent freshman CS student a whopping whole Saturday evening to build from scratch (the PS/2 keyboard protocol is very slow, simple en well documented), you reasoning contains one major flaw:

universities (at least in the Netherlands) are basically government institutions and are run as such. I have yet to see a university with half-way decent network security, given that the network has to be usable by clueless non-CS students (and worse, professors).

Usually, security takes a backseat to accessibility, because the elderly making the decisions are about as clueless as the general public.

The whole point of my post was to show that is certainly not possible to pinpoint any user *given the current infrastructure*. Sure, it is possible to change to infrastructure to make it possible, but who is going to pay for that? The RIAA?

Re:What, me change MAC address? I wouldn't do that (3, Insightful)

Oidhche (1244906) | more than 5 years ago | (#24493865)

The only thing I can think of to prevent this, is tying the MAC address to the physical port on the router.

Even this wouldn't prevent it if you can physically access the cables.

Re:What, me change MAC address? I wouldn't do that (1)

MT628496 (959515) | more than 5 years ago | (#24493873)

If you let users have physical access to your network hardware, you deserve to be cracked.

Re:What, me change MAC address? I wouldn't do that (3, Insightful)

apathy maybe (922212) | more than 5 years ago | (#24493905)

And how the fuck are you going to prevent them? Hide your computers and just let them access the screen, keyboard and mouse?

Unless you put your lab machines in a safe, there is always a way to access the network cables. (Even if it involves pulling the cover away from where they go into the wall.)

Re:What, me change MAC address? I wouldn't do that (1)

MT628496 (959515) | more than 5 years ago | (#24493961)

Who said anything about a lab? I'm talking about dorms, where there are two ports in a room and two people in a room.

Re:What, me change MAC address? I wouldn't do that (0)

Anonymous Coward | more than 5 years ago | (#24494179)

And how the fuck are you going to prevent them? Hide your computers and just let them access the screen, keyboard and mouse?

Unless you put your lab machines in a safe, there is always a way to access the network cables. (Even if it involves pulling the cover away from where they go into the wall.)

Give me a break. Physical Security 101. The network design itself is protected to the level it needs to be. Even the US Government realizes that it's ALWAYS possible to physically break in somewhere. Therefore, you build in the appropriate protection. The security either justifies the building across from the base golf course, or within E-ring at the Pentagon or 3rd floor in NORAD.

Re:What, me change MAC address? I wouldn't do that (0)

Anonymous Coward | more than 5 years ago | (#24493733)

Unfortunately for people that try this at the school I work at this doesn't work. As soon as we see a MAC address on a switchport in the residence halls, that's the only address allowed on that port unless we specifically allow another one. So, if you try to change your address, you'll not only find that your new address doesn't work, but now your old one doesn't either because your port has been errdisabled and you have some explaining to do to network management.

Re:What, me change MAC address? I wouldn't do that (2, Insightful)

antirelic (1030688) | more than 5 years ago | (#24493935)

- I changed my ethernet card
- I was using a friends laptop
- I bought a new computer
- I bought two new computers
- Must have been a room mates friend
- etc...

Re:What, me change MAC address? I wouldn't do that (1)

base3 (539820) | more than 5 years ago | (#24494005)

I was thinking the same thing--I'd never do something like that in an unknown environment without having already come up with some "good answer" for the low-level network fascist that might question what I was doing. I would think the least painful way to deal with restrictions in a NAC/NAP environment like often exists in residence halls (the test bed before they roll it out to everyone, unfortunately) is to hook up a healthy, compliant, good-boy Windows box and then connect your actual machine through the "blessed" Windows machine. Of course, if one of the conditions for NAC/NAP "health" is not running a DHCP server, that won't work.

Re:What, me change MAC address? I wouldn't do that (0)

Anonymous Coward | more than 5 years ago | (#24494099)

But that would be fine with me. All I want is to be able to tie your traffic to you. If your friend registered the windows box, then I'd tie it to him. Basically if I see a stream, I want to know who it belongs to on my end.

Re:What, me change MAC address? I wouldn't do that (0)

Anonymous Coward | more than 5 years ago | (#24494021)

In all of those cases, I'd ask you to email me a list of addresses you'd like allowed. Then you've identified yourself.

Re:What, me change MAC address? I wouldn't do that (1)

jeremyp (130771) | more than 5 years ago | (#24494183)

Until the next time the MAC address changes and he claims it was a different friend or another new computer or something.

Basically, there's so many legitimate reasons for a MAC address to change on a port that all you've really done is make everybody's life a little bit more miserable.

Re:What, me change MAC address? I wouldn't do that (0)

Anonymous Coward | more than 5 years ago | (#24494345)

As I said, I agree that there are legitimate reasons. If he claims it's a different computer, he's either blaming his roommate or telling me that he left his room unlocked and some random person walked in and used his port. Give me a break.

Re:What, me change MAC address? I wouldn't do that (0)

Anonymous Coward | more than 5 years ago | (#24494211)

When I was working at CS Dept. / IT, your method would cause security to walk in within minutes... It was well known that MAC could not be relied for security. There were automatic remote checks (ssh-key for linux / unix + similar system for windows) to be done after computer bootup. If your machines identification doesn't match classes computer, it causes alert...

Re:What, me change MAC address? I wouldn't do that (0)

Anonymous Coward | more than 5 years ago | (#24494263)

It's often worse. I run a firewall/router in front of all my lab machines, between them and the wider university network. The router clones the IP and MAC address of a machine that is "officially" registered with the university via DHCP. So, in my case, one IP/MAC address combination == ~5 actual machines.

DHCP lease logs (5, Interesting)

Ted Freeman (1319075) | more than 5 years ago | (#24493673)

Nice job from the IT department. They say how difficult it is to extract meaningful information from the ARP cache records, but you don't need them anyway. All they would need to do is keep the DHCP lease logs. Conveniently they

In both cases the retention notice arrived in such close proximity to the expiration of the ten day retention period of the DHCP data that we were unable to access the data before it was overwritten.

So they used the same excuse twice - log rotation - RIAAs new enemy.

Re:DHCP lease logs (5, Interesting)

TerminaMorte (729622) | more than 5 years ago | (#24493759)

DHCP logs will only contain the IP address and MAC address; information that cannot be used to identify anything other than a machine (assuming the MAC isn't spoofed; my laptop runs macchanger -A ath0 on startup :)).

Re:DHCP lease logs (2, Interesting)

Ted Freeman (1319075) | more than 5 years ago | (#24493837)

Yes, that is all you can hope to identify people from. MAC addresses can be changed, machines can have multiple MAC addresses, people can use common access terminals or access the network through NAT / masquerading routers or use a friends computer. All this is possible but the MAC address(es) of your computer:

When a computer is first connected to the Tufts network the user must register their MAC address with their individual username and password.

So it is not a perfect system but it is the best they have and would "catch" most ( non/semi technical ) users.

More like "notice that you're being watched" (4, Insightful)

lysse (516445) | more than 5 years ago | (#24493721)

Nice move on Tufts' part. If they ever do receive such a "notice to preserve", they can relay it straight back to their students and staff and say "look, the RIAA is watching us with a view to screwing you, so behave yourselves" for the duration of such a notice; and if they don't, they have effectively insulated their charges from all further RIAA action. And all whilst looking extermely co-operative for the benefit of the courts...

Re:More like "notice that you're being watched" (-1, Troll)

Anonymous Coward | more than 5 years ago | (#24494017)

And if they do that, and have someone sympathetic to the RIAA, say, oh, like me....I'd report them for obstruction and helping their students break the law.

While DHCP isn't a permanent thing, we ALL know it's based on lease duration. Most sane places use a lease duration of 3 days. I'm sure the RIAA folks will bring that up.

Hate to tell ya - esp at a university - systems are used regularly. You have to be gone a while for your lease to expire and to get a new IP.

Re:More like "notice that you're being watched" (1, Insightful)

Anonymous Coward | more than 5 years ago | (#24494093)

After which time your performance would start slipping, there'd be some "concerns", your duties would change, and after a while, you'd be out of a job and the word out on the street would be that you are unloyal. Couldn't happen to a nicer guy.

Re:More like "notice that you're being watched" (0)

Anonymous Coward | more than 5 years ago | (#24494365)

Sounds like they're helping students obey the law.. for the duration of the probe.

Of course if a regime change happens... (2, Insightful)

jskline (301574) | more than 5 years ago | (#24493747)

Of course if a regime change happens at the end of the year, you can rest assured that there are certain politicians who will push hard for law changes to formally "outlaw" the use of DHCP in computer networks due to it's haphazard way of handling network IP's, traffic; and because it doesn't know who the user is!...

What a joke. If you think I'm wrong on this, take a look at the democratic side of the US Congress and look at some discussions that have been bantered about recently! Thats all I'll say on that.

God I hope and pray we get to replace them all next year! They're all bad.

Please don't even GIVE them this idea. (4, Insightful)

Lunarsight (1053230) | more than 5 years ago | (#24493761)

For reasons which are unclear, the IT department then suggested that the RIAA next time send them 'notices to preserve information,' in response to which they would preserve, rather than overwrite, the DHCP data, for the RIAA's forensic benefit."

I honestly wish Tufts hadn't even suggested this to the RIAA, since we all know this will be the next thing they'll try and have legislated through Congress. One of the congressmen on the RIAA payroll will attempt to slip it into a bill undetected.

They won't limit it to colleges either - they'll probably make it a requirement of ISPs in general.

Re:Please don't even GIVE them this idea. (1)

EvanED (569694) | more than 5 years ago | (#24494141)

Oh please. You think the idea hasn't occurred to them?

The RIAA may be blood-sucking mosquitoes who rape the justice system, but they aren't stupid.

Why? (4, Insightful)

Armakuni (1091299) | more than 5 years ago | (#24493833)

For reasons which are unclear, the IT department then suggested that the RIAA next time send them 'notices to preserve information,' in response to which they would preserve, rather than overwrite, the DHCP data, for the RIAA's forensic benefit.

Why? The RIAA is not a court of law or even a government agency. Surely the university would have no obligation to comply with its requests? Talking about the RIAA in these terms ("notices", "forensic") lends it unwarranted legitimacy and authority.

Re:Why? (2, Interesting)

NewYorkCountryLawyer (912032) | more than 5 years ago | (#24494053)

For reasons which are unclear, the IT department then suggested that the RIAA next time send them 'notices to preserve information,' in response to which they would preserve, rather than overwrite, the DHCP data, for the RIAA's forensic benefit.

Why? The RIAA is not a court of law or even a government agency. Surely the university would have no obligation to comply with its requests? Talking about the RIAA in these terms ("notices", "forensic") lends it unwarranted legitimacy and authority.

That's what I want to know. Why?

Why don't they just come out and say... (2, Insightful)

OneSmartFellow (716217) | more than 5 years ago | (#24493907)

.. Hey, RIAA, you guys must be pretty stupid if you don't realize that a MAC address can be changed with trivial ease. Therefore, even if we could dredge up the DHCP logs, the IP address to MAC address mapping you are so interested in wouldn't tell you anything anyway.

Please stop feeding the idiots, they foul the footpaths of life.

Re:Why don't they just come out and say... (2, Insightful)

troon (724114) | more than 5 years ago | (#24494039)

Because they're not 13 years old, and have a hint of maturity about them.

Re:Why don't they just come out and say... (3, Insightful)

NewYorkCountryLawyer (912032) | more than 5 years ago | (#24494067)

.. Hey, RIAA, you guys must be pretty stupid if you don't realize that a MAC address can be changed with trivial ease. Therefore, even if we could dredge up the DHCP logs, the IP address to MAC address mapping you are so interested in wouldn't tell you anything anyway.

They don't care. They just want to have someone to sue.

Is it clear to though? (0)

Anonymous Coward | more than 5 years ago | (#24493937)

Had a quick scan through the PDF and note that they are saying they can identify a number of users via the MAC refering to the ARP..

With pretty much everyone and their cat knowing how to spoof/copy/clone/randomise a MAC could this one person still not be potentially someone else?

Ok it implies that it *could* be this guy but without certainty shouldn't it say just that, my reading of it suggests they are certain it is one person?

IT to RIAA: (5, Interesting)

nimbius (983462) | more than 5 years ago | (#24493969)

you're the reason we aren't keeping logs of this stuff.

The MAC is not in DHCP leases (2, Informative)

Anonymous Coward | more than 5 years ago | (#24493989)

Everyone has missed the point. The DHCP protocol does not use MAC addresses to identify clients. It uses client identifiers, which can be any unique string. The fact the *windows* chooses to use the mac address as a client identifier is beside the point. Who says the client being investigated is using windows?

I expected more from the MS-bashing Slashdot crowd. Apparently you are all windows users.

Re:The MAC is not in DHCP leases (3, Informative)

jeremyp (130771) | more than 5 years ago | (#24494259)

Yes, but once the computer is assigned an IP address, ARP ties the MAC address to the IP address. You could then, in principle, log the mappings by dumping the router's ARP table at regular intervals.

IP To MAC Addresses? (5, Funny)

houghi (78078) | more than 5 years ago | (#24494051)

Anybody have some MAC addresses from the RIAA? That way people can use those in some semi-random rotating system and they can sue themselves.

After all if the IP can be linked to the MAC, the MAC can be linked to the user, so anybody with that MAC will be guilty.

Re:IP To MAC Addresses? (2, Funny)

Carthag (643047) | more than 5 years ago | (#24494283)

Maybe the RIAA is already spoofing *our* MAC addresses so they have random people to sue!

Re:IP To MAC Addresses? (3, Informative)

OeLeWaPpErKe (412765) | more than 5 years ago | (#24494361)

In advising this to people, I'm sure you know what will happen to a network (and to the helpdesk of said network) when multiple people start using the same mac-address, right ?

Well, if you can't... (2, Interesting)

Anonymous Coward | more than 5 years ago | (#24494071)

... then you're liable! I'm expecting the courts to come up with that simple principle. Kinda like when your car is caught speeding: identify the driver or pay the fine.

That, of course, will make not only university LAN's but also corporate LAN's much more expensive to build. It'll also make it difficult to support multi-user machines as you'd have to tie each and every TCP connection to a user.

And after that liability scheme collapses under its own weight, we'll be rid of the whole copyright nonsense.

Response to meringuoid et al (0)

Anonymous Coward | more than 5 years ago | (#24494223)

I'm fairly sure you weren't seriously asking meringuoid but I'm in a good mood and thought I'd answer below anyway. Someone might find it interesting... Maybe. Most will argue finer(and thicker) points below I'm sure but this WAS done in a coupla minutes.

I very glad to hear about the MAC spoofing and log rotation issues. I believe, technologically that all of us have at least access to stuff that insulates us from a lot of this bullying. I'm worried just like most of us that we'll be paying $1-3/GB or more in the near future by disparate ISPs acting cohesively.


Questions by meringuoid above, comments welcome - IANAExpert.

>>What, exactly, legally speaking, is a 'website'?

In it's basest form that would be a domain or sub-domain. A collection of pages logically linked together. www.google.com/* or www.geocities.com/user/*

>>Where does one 'website' end and another begin?

Change of domains/users/content, et al. Fairly simple to prove unless obfuscation were employed. Even then if you can dig deeply enough...

>>How does a 'site' differ from a 'page', if at all?

A site should have more than one page. (kinda old school but I also think a myspace page is a site in a way - there are pics/video page links)

>>Is a 'forum' part of a 'website', or only attached to it?

If the same people whom have authority over the website have authority over the forum or b) the people whom have authority over the website delegate authority over the forum.

>>Is there, as the media often says, a 'file sharing website' called 'BitTorrent' on which pirates trade music?

Nah - an infrastructure.

>>What exactly is this 'Web' thing anyway, and how is it distinct from the 'Internet', if at all?

The web serves html pages. The rest perform other handy networking functions.

Sh1t (-1, Redundant)

Anonymous Coward | more than 5 years ago | (#24494297)

and enjoy aal the a8d shower. For
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...