Sign in to follow this  
Followers 0
Lestan Gregor

Question about MAC Adresses

13 posts in this topic

Let's say i want to so some anonymous work at a local coffee shop,do something illegal, and they log my MAC address. My question is: How is the MAC tracked back to you personally?

0

Share this post


Link to post
Share on other sites

I'm assuming in the situation where they request to check your wireless card's MAC address against the one in their logs. If you spoof it, do your illegal activity, then change it back to the original MAC address, it would be more difficult for them to prove you were the person who did the illegal activity.

0

Share this post


Link to post
Share on other sites

Right...but why would they think to come to that specific person in the first place? In a crowded coffee house with tons of people coming through everyday?

0

Share this post


Link to post
Share on other sites

You can't use a MAC address to track someone. MAC addresses are stripped at the first layer 3 hop (the first router, often the wifi access point itself), so your MAC address never leaves the local network. You are right in that a MAC address can identify you though, the address is unique to your wifi card. If you did something bad enough that law enforcement gets a search warrant, they can examine the MAC address of your laptop's wifi card. Even if they don't have a search warrant, they can observe you using the computer, see that MAC address suddenly appear on the network and have probable cause for an arrest and/or search. It all depends on the magnitude of illegal activity though.

Imagine something really bad happened and law enforcement needs to identify a suspect in a group of coffee shop patrons. Assuming slow reaction time and the unwillingness to detain an entire coffee shop full of citizens, they could try to catch you doing whatever nefarious activity again. They have two pieces of information: the MAC address you used and what it is that you did. If they see either one of those things, they can find you and arrest you. This has happened before, I've read several articles about police catching pedophiles using open wifi connection to trade child pornography. Some of them were even smart and changed their MAC addresses around, but it didn't really help much.

So whether you simply want privacy or are trying to hide something from law enforcement (or simply don't want to get banned from the coffee shop for some lesser offense), changing your MAC address won't help you much. It's a public network, you can be discovered and caught. Using encryption and good security practices (like not doing such sensitive things on a public network) will help, but perhaps not very much.

0

Share this post


Link to post
Share on other sites
So whether you simply want privacy or are trying to hide something from law enforcement (or simply don't want to get banned from the coffee shop for some lesser offense), changing your MAC address won't help you much. It's a public network, you can be discovered and caught. Using encryption and good security practices (like not doing such sensitive things on a public network) will help, but perhaps not very much.

As I said in another thread:

open wireless access point + spoofed MAC address + spoofed hostname + Tor = 99% anonymity

The only way I can really see someone getting caught using the method above would be by the use of surveillance cameras.

Edited by deadwax
0

Share this post


Link to post
Share on other sites
As I said in a another thread:

open wireless access point + spoofed MAC address + Tor = 99% anonymity

The only way I can really see someone getting caught using the method above would be by the use of surveillance cameras.

Tor is not infallible, but it is a huge deterrent. If you've done something bad enough to warrant the expenditure of man hours and resources, law enforcement can and will track you to the open access point. From that point on, it's not very difficult to find you.

0

Share this post


Link to post
Share on other sites
Tor is not infallible, but it is a huge deterrent. If you've done something bad enough to warrant the expenditure of man hours and resources, law enforcement can and will track you to the open access point. From that point on, it's not very difficult to find you.

I would think it would be very difficult to find the person. Suppose they do find out where the connection came from (the open wifi network). How would they know which person to trace it back to? This is assuming it takes them many "man hours and resources" to find where the connection originated. They would have to rely on cameras. And if the person is sitting in a car outside the building where the wireless network is located, and out of camera's view, they will probably never find them. If they really want to catch someone, they had better do it in real time while the person is still connected to the wireless network.

0

Share this post


Link to post
Share on other sites

Even if they know your IP address, can't you just say that someone else must have used you unsecured wireless network for their attack?

0

Share this post


Link to post
Share on other sites
Even if they know your IP address, can't you just say that someone else must have used you unsecured wireless network for their attack?

Well the thing is, when you connect to a wireless access point, you're assigned a local IP address (i.e. 192.168.1.2). Assuming you didn't spoof your wireless card's MAC address, all they would have to do is cross-reference your card's MAC address with the IP assigned to it during the time of the attack.

0

Share this post


Link to post
Share on other sites

It's linking you to your hardware. Where they can't *immediately* do anything to catch/identify you they can cross reference your IP at the time of the crime, to the MAC address registered at their router and have themselves a criminal as deadwax said. Not that I promote nefarious activity at a coffee shop, at least take the proper precautions to remain anonymous. You can never be too paranoid when hiding in plain sight.

Tor is not infallible, but it is a huge deterrent. If you've done something bad enough to warrant the expenditure of man hours and resources, law enforcement can and will track you to the open access point. From that point on, it's not very difficult to find you.

I would think it would be very difficult to find the person. Suppose they do find out where the connection came from (the open wifi network). How would they know which person to trace it back to? This is assuming it takes them many "man hours and resources" to find where the connection originated. They would have to rely on cameras. And if the person is sitting in a car outside the building where the wireless network is located, and out of camera's view, they will probably never find them. If they really want to catch someone, they had better do it in real time while the person is still connected to the wireless network.

They would know by hardware identification. They couldn't catch you doing the crime you committed earlier, but in terms of man power and resources all they would have to do is set up a packet sniffer right in the middle of the coffee shop and have another guy watching the WiFi points logs and then when they see that same MAC address pop up they know it's you and detain you for questioning. After they they'll probably have gotten a warrant to go through and they'll be able to confirm it was you by examining your hardware and charge you appropriately.

It's not a very difficult task tracing anyone at any point on the internet.

Edited by deadc0de
0

Share this post


Link to post
Share on other sites
They would know by hardware identification. They couldn't catch you doing the crime you committed earlier, but in terms of man power and resources all they would have to do is set up a packet sniffer right in the middle of the coffee shop and have another guy watching the WiFi points logs and then when they see that same MAC address pop up they know it's you and detain you for questioning. After they they'll probably have gotten a warrant to go through and they'll be able to confirm it was you by examining your hardware and charge you appropriately.

It's not a very difficult task tracing anyone at any point on the internet.

Well if someone is doing something illegal, they would be pretty stupid to return to the scene of the crime. The smart thing to do would be to use different open wireless networks each time, and never the same one twice.

Edited by deadwax
0

Share this post


Link to post
Share on other sites

In my mind it kind of played out like this: Get in, get out, never return. By the time the attack was traced back...you're long gone. Anyways, thanks for the opinions guys.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0