[Terloch]

Has anyone out there figured out how to track a MAC address as well as the IP address of a socket? Or any sort of identifier from a NAT packet?

I'm having issues with certain players with lots of IP addresses and I would much rather just get rid of them by their MAC address but I don't even know if that's possible...

Drop me a personal note, or a response on here if you have done this, or have ideas on how it might be done...


Thanks,
Terloch

[Xerihae]

I'm no expert, and I can't explain the details, but I'm sure I once read a post from someone who asked a similar question. The repsonse seemed to be tha ISP's will NOT allow you to get a hold of MAC addresses, period. Someone wrote the code to do it then found out the ISP blocked it completely. I've no doubt someone else will be able to elaborate on this for you.

[Yui Unifex]

The only uniquely identifiable information you can use is the IP address. MACs cannot be used to identify because dialup users would be able to change them as easily as they can change IPs, as the MAC they receive is the device they're connected to, not their own device. There are similar problems for other connections. The lookups to find these addresses are generally not routable, so they won't go across the internet. Even if all of these problems were surmounted, it's trivially easy to change the MAC address of your device.

NAT boxes do not have a particular signature that they place on packets -- they only work by keeping track of connections and translating/retransmitting the packet with the source addresses fixed to the NAT box address, and vice versa. Everything they do is transparent to the external connection.

Your best bet is to find some sort of IP-based solution.

Tried contacting an ISP (abuse@...)or banning a whole subnet?

[Terloch]

Oh an email will be going to abuse tonight when I get home, but the problem we have now is that the first socket (a DSL connection) was banned, and the person has moved to the great stan of ISP's, and I honestly don't want to ban 10-15 regular players who are also *shudder* using the great satan of ISP's...

[shadowfyr]

You may have to. The mud I play on got tired of idiots logging on every few days that A) woudn't accept being banned, B) refused to read help files (specifically edicate and law related ones), C) refused to follow the rules when they did know them and D) cussed out the admin when they talked to the players. Result: If you had an account from AOL, you can still use it, but no new characters from there are possible 'ever', even if you are a current player.

Not sure if you can only ban new players like AoD did, but as bad of a solution as it is, the key issue came down to AOL = 90% of all users, which = 90% of all idiots that logged in. A very simple if ackward equation when considered the potential player base you end up losing. The alternative though unless you run a mud you have to pay to play...

[Robbert]

MAC addresses aren't even truly tracked by the ISP, because the MAC address of the individual's NIC card is overwritten with the MAC address of the first routing device on the link, and subsequently overwritten each step of the way.

In other words, the information is -there-, but only to the last hop on the path, which can potentially change with each packet sent in TCP/IP protocol. It should conceivably remain static to the last location with UDP, but UDP connection paths are only guaranteed for the duration of the connection - so someone could simply reconnect to the game and (very likely) secure a new MAC address.

The sad fact is, TCP/IP was never written to do more than pass information along a path - its conceivers never accounted for the possibility that morons and losers would eventually pervade the (then) geek-domain of the web.

My solution, after discovering the futility of tracking the MAC, is to ban the ISP. If someone from that ISP wants to connect to the game, they must have the ISP contact me and assure me that they will be proactive with dealing with abusers; if they do not give that assurance, their ISP remains banned.

A possible solution is to write your own client, which then can query either a)the MAC address of the NIC card on the users computer or b)the CPU ID#. MAC addresses can be spoofed, but the user who knows how to do this also likely is mature enough to not act up. If they are not, then you aren't going to find any simple way to prevent them from accessing your game, either.

I've also found that a single-strike approach is worthwhile - if someone breaks the rules, remove them from the game. It's much simpler than dealing with punishments and tracking who has done what. If they violate your rules, remove them from the game. Harsh? Probably. But it's your game, so your rules. If they don't like it, they don't need to connect.

--Bert

[Terloch]

The person in question was removed, entirely, every character, and his "normal" socket is banned, but now of course he feels the need to make an ass out of himself like it's some personal vendetta to make my life difficult...oh well, I guess after 5-6 years I should be used to it, right?