Bungie.net Community
This topic has moved here: Subject: IP bans
  • Subject: IP bans
  • Pages:
  • 1
  • 2
  • 3
  • of 3
Subject: IP bans
  • gamertag: [none]
  • user homepage:

Well, here we are. I guess that it was destined to come to this.

Posted by: dazarobbo
There is NO method of getting a client's MAC address across The Internet. Anyone who tells you you can is wrong.

Unless you load an active app onto the client that queries the local client hardware for the information and then sends it back to the server.

Which IMO is classic malware/spyware, which would be unethical to use.

Late Edit: But your point being, that it would also be unusable on the server side to then deny traffic, since the traffic doesn't have the MAC information embedded.

[Edited on 12.30.2011 11:07 PM PST]

  • 12.30.2011 11:04 PM PDT
  • gamertag: [none]
  • user homepage:


Posted by: dazarobbo
Posted by: Alec9224
How so? Couldn't you set up an ACL type of thing with a setting of explicit deny in which you add MAC addresses to the ACL? You could have it so the web server within the DMZ won't even receive requests from banned MAC addresses because they will be blocked by the firewall/router's ACL.
You're getting too far ahead.

1) MAC is an addressing scheme used by Ethernet which is a protocol used at layer two of the OSI. That means when a frame is transmitted from one host to another, the layer two headers (including MAC address) are stripped off; they have no purpose or use at the upper-layers. Layer two protocols govern the rules for PDU transmission on a physical host-to-host basis, not logical end-to-end like in layer three across networks.

2) Multiple layer two protocols are in use. For example, from your modem to the CO you're likely using PPP. On The Internet (especially where ISPs are concerned) they're likely using Frame Relay.

3) Routers prevent the propagation of broadcasts to other/outside networks. Broadcasting is the method ARP uses to resolve IP Addresses to physical addresses on the local network.

There is NO method of getting a client's MAC address across The Internet. Anyone who tells you you can is wrong.

Ah, I was thinking that the ethernet frame was encapsulated, not replaced entirely as you work your way up the OSI model, but now that I think about it more I think you're right.
How would people go about getting around an IP ban? Obviously you can release and renew you address on a local machine or simply set it statically, but doesn't the ISP issue one public address for your modem? All addresses on the LAN are being mapped to the one public address using NAT, so banning the public address should block everything on the LAN.

[Edited on 12.30.2011 11:20 PM PST]

  • 12.30.2011 11:11 PM PDT

feartehstickman...
Posted by: toxicpanther615
the only problem i have with mine is that it's unstable,[very shakey],so you'd need a tripod for it.

Posted by: CJ Olvaid 360
Just drink a beer and everything will be ok

So that's the fabled baked cookies plan. I admit, it sounds very good. I can't see any problems with it.

  • 12.30.2011 11:15 PM PDT

Posted by: Recon Number 54
Unless you load an active app onto the client that queries the local client hardware for the information and then sends it back to the server.

Which IMO is classic malware/spyware, which would be unethical to use.

Late Edit: But your point being, that it would also be unusable on the server side to then deny traffic, since the traffic doesn't have the MAC information embedded.
Not necessarily.

It will likely have a MAC address if the local network on the server-side is using Ethernet, but the address will be the source address of the physical device connected to the other end of the cable from the network adaptor (NIC), such as a router.

Posted by: Alec9224
Ah, I was thinking that the ethernet frame was encapsulated, not replaced entirely as you work your way up the OSI model, but now that I think about it more I think you're right.
How would people go about getting around an IP ban? Obviously you can release and renew you address on a local machine or simply set it statically, but doesn't the ISP issue one public address for your modem? All addresses on the LAN are being mapped to the one public address using NAT, so banning the public address should block everything on the LAN.
That would be PAT (Port Address Translation), where you overload a single address by assigning unique port numbers managed by the router.

An alternative is a NAT address pool, where a range/multiple addresses are chosen from a pool of addresses on the router to use as global address. This is what large organisation such as a university might use, and is why I have an issue with people saying things like "banning the whole school" or something to that effect.

  • 12.31.2011 7:00 AM PDT

Everything is interesting if you go into it deeply enough.

MAC address bans would be perfect, because there's nooo way to spoof your MAC address. >_>

  • 12.31.2011 7:46 AM PDT

i c u thar c' ing my signiture

Yours in _Kai_

You can't be sure they don't know how to change it, and even of they didn't the person can always google it. Not to mention let's say a person is using a university or school computer and gets IP banned, you can say "bye bye" to anyone else that tries to log in under that IP. To be honest an IP ban does more harm than good and is very easy to get around.

  • 12.31.2011 9:58 AM PDT

There are many powers in the world, for good or for evil. Some are greater than I am. Against some I have not yet been measured. But my time is coming.

--------------------------------------------------------------------------------------------------------------------------------------


Forum Rules
List of Forum Ninjas

Posted by: Domi 233
So that's the fabled baked cookies plan.
Wait until he gets to the part with the young girl in a red cape.

  • 12.31.2011 2:17 PM PDT

Stupidity, when sufficiently advanced, is indistinguishable from magic

I think that the people who should be IP banned would far more likely know how to circumvent it; it would hurt more people than it would help.

  • 12.31.2011 3:08 PM PDT

"No, Hoobla. No."
~DeeJ

As previously stated, any communial setting, (College, Library etc.) would be screwed from one idiot.

  • 12.31.2011 3:54 PM PDT

I agree, especially since many IP's are static.

MAC address bans would be perfect, because there's nooo way to spoof your MAC address. >_>
Also, this.

[Edited on 12.31.2011 4:08 PM PST]

  • 12.31.2011 4:07 PM PDT

Blackstreak1 for life.

Trololololol Mad bro?

  • 12.31.2011 4:14 PM PDT
  • gamertag: [none]
  • user homepage:

Well, here we are. I guess that it was destined to come to this.

Posted by: Old Papa Rich
Posted by: Domi 233
So that's the fabled baked cookies plan.
Wait until he gets to the part with the young girl in a red cape.

Helen Slater is actually a little bit older than I am.

But looks a lot damned better.

The fact is that you are confusing plans. The "baked cookie plan" has nothing to do with the "20 hot actresses from the 80's and 90's plan". Both are glorious and WILL be amazing... once they are completed.

  • 12.31.2011 5:05 PM PDT
  • gamertag: [none]
  • user homepage:

:)


Posted by: Recon Number 54
Which is why I like the idea of not allowing posting from members that do not meet at least one of the following criteria.

1) Any level of trust/title that puts the account out of status of "member".
2) A cookie that is >8-24 hours old. I'd prefer 24, but even the 8 hour limit would slow/prevent a mass of alt account spam.


Without one of those, the member is taken to a warning page that apologizes for the inconvenience, and explains that the site requires a "baked cookie" in order to allow members to post and that this is a site protection method due to new/alt account abuse over the years.

So.. if someone was to clear their cookies by accident and were still a member, they'd have to wait between 8-24 hours to post again?

I have a feeling that would just drive members away.

  • 12.31.2011 5:09 PM PDT
  • gamertag: [none]
  • user homepage:

Well, here we are. I guess that it was destined to come to this.

Posted by: jross1993
Posted by: Recon Number 54
Which is why I like the idea of not allowing posting from members that do not meet at least one of the following criteria.

1) Any level of trust/title that puts the account out of status of "member".
2) A cookie that is >8-24 hours old. I'd prefer 24, but even the 8 hour limit would slow/prevent a mass of alt account spam.


Without one of those, the member is taken to a warning page that apologizes for the inconvenience, and explains that the site requires a "baked cookie" in order to allow members to post and that this is a site protection method due to new/alt account abuse over the years.

So.. if someone was to clear their cookies by accident and were still a member, they'd have to wait between 8-24 hours to post again?

I have a feeling that would just drive members away.

The status of their cookie wouldn't matter if their account had a trust level or title above member.

The cookie age would only matter to accounts that had not yet been engaged and following the rules of the site for enough time until a title change occurred. Recently banned members would also have to be aware of cookie age (and avoid the practice of clearing them in order to.... post on different accounts) and let their sign in and cookie exist for less than a day.

The explanation page would explain it, if someone insisted on clearing their cookies constantly, then they would know why they couldn't post and would then need to have a sufficiently trusted and aged account in order for that not to be an issue.

  • 12.31.2011 5:13 PM PDT

These baked cookies are starting to sound a little bit tasty...

  • 12.31.2011 5:16 PM PDT

Key


Posted by: Recon Number 54

Helen Slater is actually a little bit older than I am.


actually a little bit older than I am.

older than I am.

older

When did they make a number bigger than infinity and why was I not informed?

  • 12.31.2011 5:18 PM PDT
  • gamertag: [none]
  • user homepage:

:)

Posted by: Recon Number 54
Oooh, okay. Not trying to nitpick on your idea, but couldn't people just switch to another browser with the 'baked' cookie for alts then?

  • 12.31.2011 5:18 PM PDT
  • gamertag: [none]
  • user homepage:

Well, here we are. I guess that it was destined to come to this.


Posted by: jross1993
Posted by: Recon Number 54
Oooh, okay. Not trying to nitpick on your idea, but couldn't people just switch to another browser with the 'baked' cookie for alts then?

Even then, that would be a baked cookie in IE, 1 in FF, 1 in Chrome, 1 in Safari... and then they purge and have to wait a day.

Right now, the only thing that slows or deters someone who is intent on creating WLID and Bungie account after WLID and Bungie account is the fact that it takes them 2-3 minutes for their account creation and they are banned with 2 mouseclicks by a moderator. Their expended "effort" is greater than ours.

I believe the goal is to be as transparent as possible to new and non-malicious members of the community but as inconvenient and time consuming as possible for those who are attempting to exploit the easy account creation process for the purpose of disruption.

  • 12.31.2011 5:23 PM PDT

Key


Posted by: Recon Number 54

Posted by: jross1993
Posted by: Recon Number 54

Even then, that would be a baked cookie in IE, 1 in FF, 1 in Chrome, 1 in Safari... and then they purge and have to wait a day.
Solution: Just make more browsers.

Problem = solved.

  • 12.31.2011 5:24 PM PDT
  • gamertag: [none]
  • user homepage:

Well, here we are. I guess that it was destined to come to this.

Posted by: CrazzySnipe55
Posted by: Recon Number 54
Posted by: jross1993
Posted by: Recon Number 54

Even then, that would be a baked cookie in IE, 1 in FF, 1 in Chrome, 1 in Safari... and then they purge and have to wait a day.
Solution: Just make more browsers.Problem = solved.
Or a whole mess of VM's. None of which a new member would consider, but all of which are time and effort heavy on the part of someone who wants to be an infamous jerk.

I know that jerks can't be stopped, especially determined ones. But you can create systems that are annoying and burdensome to jerks but invisible to the innocent.

  • 12.31.2011 5:26 PM PDT

Key


Posted by: Recon Number 54
Posted by: CrazzySnipe55
Posted by: Recon Number 54
Posted by: jross1993
Posted by: Recon Number 54

Even then, that would be a baked cookie in IE, 1 in FF, 1 in Chrome, 1 in Safari... and then they purge and have to wait a day.
Solution: Just make more browsers.Problem = solved.
Or a whole mess of VM's. None of which a new member would consider, but all of which are time and effort heavy on the part of someone who wants to be an infamous jerk.

I know that jerks can't be stopped, especially determined ones. But you can create systems that are annoying and burdensome to jerks but invisible to the innocent.
But how many people are going to do something so malicious (as in, a legitimate attack... something worthy of an actual IP ban), why wouldn't they have a back up?

People who do things deserving of an IP ban are probably going to be people who are determined enough to keep on keepin' on.

  • 12.31.2011 5:30 PM PDT

<_QuAnTuM_>
What's your talent?
Posted by: DabilahroNinja
I can see through windows.

Posted by: WinyPit82
Like they always say, "You mess with the Helix Nebula, you get the WinyPit82."

Hi there! be sure to click that homepage link!

Yeah, because everybody knows how to set connections on a computer to add proxy servers along with an interchanging IP address.

You're the idiot for assuming everyone should know about proxies.

[Edited on 01.01.2012 1:21 PM PST]

  • 01.01.2012 1:21 PM PDT

feartehstickman...
Posted by: toxicpanther615
the only problem i have with mine is that it's unstable,[very shakey],so you'd need a tripod for it.

Posted by: CJ Olvaid 360
Just drink a beer and everything will be ok

Cookies it is then.

Time to PM spam Achronos with pictures of cookies?

  • 01.01.2012 3:45 PM PDT

Five years older and wiser
The fires are burning, I'm fire, never tire
Slay warriors in the forests, and on hire

Why are we even discussing this?

  • 01.01.2012 4:42 PM PDT


Posted by: Destiny 7
Nah..it's really not that hard to bypass any type of ban.

  • 01.01.2012 4:49 PM PDT

  • Pages:
  • 1
  • 2
  • 3
  • of 3