Friday, July 08, 2005

things that people believe about MAC addresses

1. They are burned into network cards by the manufacturers and cannot be changed.
2. They are globally unique.

There is apparently still software that tries to rely on those two mythical properties of MAC addresses for security purposes. Wtf?
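An added example, not part of the original post: a small audit over a constructed host inventory that flags addresses whose locally-administered bit is set and addresses claimed by more than one host. The hostnames, addresses and the `audit` helper are made up for illustration.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"^[0-9a-f]{2}([:-][0-9a-f]{2}){5}$")

def parse_mac(text):
    """Return the 6 address bytes, accepting ':' or '-' separators."""
    s = text.strip().lower()
    if not MAC_RE.match(s):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(part, 16) for part in re.split(r"[:-]", s))

def describe(mac):
    """Decode the two flag bits in the first octet and the vendor prefix."""
    first = mac[0]
    return {
        "oui": mac[:3].hex(":"),                    # IEEE-assigned vendor prefix
        "locally_administered": bool(first & 0x02),  # U/L bit: assigned in software
        "multicast": bool(first & 0x01),             # I/G bit: group address
    }

def audit(records):
    """records: iterable of (hostname, mac_text). Returns (findings, duplicates)."""
    seen = defaultdict(set)
    findings = []
    for host, text in records:
        mac = parse_mac(text)
        seen[mac].add(host)
        if describe(mac)["locally_administered"]:
            findings.append((host, mac.hex(":"), "locally administered (set in software)"))
    # Same address on several hosts: so much for "globally unique".
    duplicates = {m.hex(":"): sorted(h) for m, h in seen.items() if len(h) > 1}
    return findings, duplicates

# Constructed sample inventory (hostnames and addresses are made up).
SAMPLE = [
    ("ws-01", "00:11:22:33:44:55"),
    ("ws-02", "00-11-22-33-44-55"),   # same address claimed by a second host
    ("vm-07", "02:00:00:aa:bb:cc"),   # U/L bit set
    ("srv-03", "00:11:22:00:00:01"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A clear U/L bit proves nothing: an overridden address that copies a vendor-assigned one looks exactly like the original, so the duplicate check is the only signal in that case.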

Comments:

Another curious fact is that the Ethernet standard lets vendors choose if they want to assign the MAC address to the actual NIC or to the complete system.

While everyone else decided to tie the MAC address to the NIC, Sun Microsystems for many, many (too many) years decided that binding it to the system was a better idea. As a result, many of Sun's ethernet and fast ethernet interface cards into the late 1990's did not come with MAC addresses even assigned to the card. Until that time, if you wanted to plug two NICs in a machine into the same ethernet segment, you had to locally assign one to the NIC at boot time, using an algorithm described in some document no one has ever seen (I have, but I don't remember where).

Even after Sun started shipping cards with MAC addresses burned in/pre-programmed, the default was STILL to use the system-wide MAC address.

Only Sun machines that we've gotten in the last two years have finally started to arrive with the Open Boot PROM variable "local-mac-address?" set to true (meaning to use the MAC on the NIC).

... weird.

it's possible that it used to be true at some point. i used to work with/install Univation ethernet cards with bnc connectors in 1985 that cost $100 each. that's $100 in 1985. (that would buy you fifty 33 1/3 rpm albums at the kroger "cut out" LP record bin) they had mac address burned into an eprom and also dot-matrix-printed onto a sticker stuck onto the chip label. i always assumed there was some kind of "ICANN" for mac addresses that doled out mac address ranges to manufacturers ( e.g. http://www.secinf.net/misc/Types_of_Ehernet_cards_.html ) is/was this not true?

i was recently shocked to see what appeared to be a menu on my cable modem router to "fake out" the mac address. i always assumed it was a big deal to alter it. (not a big technical deal but a big legal/protocol violation deal)
- scott

I think it might be IEEE that hands out the vendor codes (OUIs). Maybe? http://standards.ieee.org/regauth/oui/oui.txt

You are correct, it is the IEEE that informally handles assigning MAC addresses.
http://www.cavebear.com/CaveBear/Ethernet/vendor.html
has a pretty good list of which MACs are used by whom.

-Lee