Originally Posted by Cepheus
Ugh. Spoofing your MAC address is easy. The problem is that simply spoofing your mac address does not make you anonymous, in any way. When you send data, pieces of information are always sent by your computer, irrespective of hardware IDs - the source IP and destination IP. The source IP is the address your computer can be found at on the internet - if your public IP is 22.214.171.124 any computer in the world can attempt to connect to your computer by sending packets to 126.96.36.199. This is actually the target of this attack - to disrupt the servers that provide the map to each IP address. Anyway. You don't get to choose your IP address (unless you're a large corporation such as Google), you get assigned it by your ISP. This means that as soon as it becomes clear that 188.8.131.52 is being used to perpetrate an attack, the ISP that owns the ip address can be contacted - the isp can then easily block said line from the network, because they know who (ie the person) they assigned the specific ip address to. This is not the computer. It is the actual subscriber.
Spoofing MAC addresses sounds all high and mighty, but in reality it achieves very little.
How would simply shutting down the internet help? This is essentially the equivalent of talking crap about someone whilst they're on holiday.
Am I right in thinking that you are of the opinion that Geohot cracked the PS3 for piracy-related reasons?
We have a paper money system - simply adding numbers doesn't work. If you do it on a country basis, making money just devalues the currency (see Germany in the 1920s, Zimbabwe), if you do it on a per-bank basis people just don't do business with you and you get shut down by the feds.
I'm going to stop arguing with you here and just make one final point:
Your entire argument seems to revolve around the hypothesis that noone has ever thought that electronically forging money might ever become an issue in the future. Think about that a minute.
I'm well aware about electronic forgery. What was that phone virus that screwed with people? Anyways, I'm well aware that they know WHO is legally assigned to this HFC. However, the ONLY way they can find out who is riding piggy back is to trace back the line. Newer housing might have the hub lines marked, but generally they aren't, so all they can do is tell what hub I'm running off of.
The bull**** part of all this is if I do something illegal (such as hack/download) nothing gets done to me. It gets done to the person who's legally ascribed this account. That's because the only way for them (in most cases, unless when they dropped the lines they were marked) to find out exactly where this line is going is to go to the hub and manually disconnect until I "dissapear". They (generally) won't do that unless they get severe pressure, which this type of scenario might ("breaking the internet").
Honestly, if you know anything about cable modems then you know you can manually set the IP. With a manually set IP and a "fake" HFC their is **** they can do to find out who I am. It's not my account, don't any of you understand that? It's like credit card scamming, you never use your real info. I mean seriously, when did criminals get nice.
Originally Posted by PoopaScoopa
Hate to break it to you, but just because your computer changes its MAC address your identity hasn't changed with your ISP. You do realize that you have this fancy thing called a modem that authorizes you to use the network. Your ISP knows exactly who you are...
Anyways, not all core routers rely on dynamic BGP. ISPs can just as easily start filtering out the traffic just like they do for fake source IPs in packets already.
Hate to break it to you, but as I explained before.
It's not my account.
It's like identity theft, only a little harder for them to trace back unless I'm actively using that account.
Originally Posted by PoopaScoopa
Why is anyone talking about "spoofing" MAC addresses? There is no such thing as "spoofing" when authorization isn't handled by MAC addresses. Your modem authenticates you. (for the ignorant trolls: just because you're in bridged mode, you still need to authenticate with the router depending on the type of authentication available. PPoE/PPTP/etc) "spoofing" only does anything beneficial on the LAN.
Protip: You do realize that every router your packets pass through strip the source mac address and replace it with their own right? Did you just get on the internet today?
Your right, you don't spoof, it's more like piggy backing. But since that isn't a real term either, I don't really care. How about I say Modem Identity Theft, cause that's a bit more on the point?
The idea is that the ISP sees John Doe online and not me, so when they trace it back they get some random John Doe that had nothing to do with the "DDOS" or hack attempt. It's just as evil as using hotspot wifi to do your illegal activities except you don't have to drive around either marking them on a map or hacking them.
Jesus, you people don't understand that I KNOW how IPs work. What you don't understand is the very little info that a modem (cable) uses to "identify" itself to an ISP.
Ethernet MAC XX:XX:XX:XX:XX:XX
USB MAC XX:XX:XX:XX:XX:XX
Serial Number 1669XXXXXXXXXXXXXXXXXXXX
It might check, this is a HUGE might:
They might do SMNP, but you just set up your own SMNP trap for that.
When the ISP gets the connection they get an IP and the poor smuck's info that is assigned the HFC Mac. You, whoever you choose to be, never has any info leaked to the ISP. They have NO idea of knowing who you are, just that you are using the HFC Mac, and probably the original owner at the same time. They then go "oh, that's not right" and disrupt the service until they can send somebody to fix it. If it checks out nothing happens.
Go do cable modem research before you talk **** about this, seriously I know how the entire ordeal goes. They can find the hub, that's about it. As I said before, the hub has to be marked (and probably on record) for them to know what house it goes to. So if you see the cable guy playin with the hub down the street change the damn mac. It's not THAT hard, or change it after you do anything really illegally dumb and stupid.
 I actually legally have internet now, as of a month ago. =P But yes, I understand how all this goes, and yes I know it's illegal.
[edit2] Generally only the HFC Mac is required. The other info is used by a few ISPs, but they usually don't because of the amount of traffic (people getting disconnected, re-connected, ect..) that happens through accounting. I've actually herd Comcast is so bad that you can use any HFC Mac as long as you have a valid config file. Just manually set up the NTP server to download a config with a "valid" signature/ID and you get on. Yes, security is THAT bad. Probably because of the high demand/maintenance.Edited by mushroomboy - 2/18/11 at 6:12pm