Forum

I've tried this on three different computers and it never worked.
You always have to unplug one and reset the modem.

I do have a question for you though.

How is it that they're polling the network card's MAC and not the modem's MAC?

I did a Google search and I was a bit surprised to see some people claim that a MAC address can be obtained with only Javascript.

Unfortunately, no one distinguished between network MAC and modem MAC.

And according to Sun this isn't even possible.

Up until your post about checking the packets, I honestly thought everyone blaming the MAC address were wrong. I'd never before seen this type of code. I remember years ago trying to obtain a simple ip address from Javascript and it wasn't possible.
I guess the standard has evolved quite a bit in the last few years.
According to posts hereIt's possible to get MAC from javascript, only when using ActiveX.

YET
It looks like you can on Internet Explorer

I just have flatly no idea what to think.

Have you tested packets while having Java disabled?

Have you tried used different modems also? I don't know as much as you and Vic do about the internet, but I thought using a different modem for each computer could work or swap modems for each account!

I am not misleading people. I want people to get back on but I am not making a step by step process on here for amazon to change their ways to counter it. They already have an effective process for linking banned accounts and I am not trying to put all of my methods in one posting. I always tell people to read all of my threads and take notes. Much like aspkin and his stealth book, I am also constantly tinkering with the method to improve it. I am 100% positive that hardware has nothing to do with banning. Anyone following that method is destined to fail. I have been running multiple accounts at the same time on the same computer and if one gets banned, the others do not. If it was the hardware then all of them should fall like dominoes...but they do not. The items that you list has more to do with it than anything.

It may only be possible on some brands and even specific models. I've only done it with a few modems as proof of concept. Personally, I use as many modems as I need and I connect them via ethernet through a router. I change MAC as freely as I like. Dual-connecting eth/usb is not particularly useful to me.

Perhaps your modem is incompatible or you aren't using the proper proceedure. There are video tutorials on YouTube that clearly demonstrate how to do it for a few different modems.


I can't say how they were doing it. I wasn't worried about 'how'. I was more interested in the bottom line. Was it happening? The answer was 'yes'. Knowing how would have been useless to me. Since I would have no way to modify their end in a way that would prevent it. 'How' is irrelevant and would have been a waste of my time. All I needed to know was 'if'. My solution was fast and simple. Take the NIC out of the PCI slot. Put a new one in. Spoofing the NIC MAC didn't work. The factory MAC was still being pulled even after the spoof. NIC spoofing is nothing more than a registry entry. Anything that polls the NIC MAC without asking the registry would get the real MAC, avoiding the spoofed info. (definition of two terms: poll=to request data / pull=to get the data requested)

To be clear: They were getting the modem MAC too. Apparently they weren't implementing anything related to the modem MAC, though.

Whatever they were doing to get the MACs, it was getting EVERY MAC in the machine. Even though I wasn't connected from both modems and my 2 wireless adapters, it was getting all of the MACs. Which is why I didn't suggest people install 2 NICs and just switch back and forth. Install one, use it, remove it, install the other, use it, remove it, install the original one, lather rinse repeat.


I'm not especially fluent in java. It can be done. A friend of mine used to spoof the pages of popular websites back in the early '90s, with the intent of harvesting personal data. He used java somehow and was successful. He's very wealthy and no longer resides in the United States or uses the name his mom and dad gave him when he was born, therefore I can't ask him. I can say that I doubt he was using java to communicate directly to the remote NIC. My suspicion is that he was simply doing some sort of BIOS call through the operating system.


According to me, I wouldn't take the word of any company that claims .anything. is impossible. They used to say lasers could not generate a 3D hologram in mid-air. I and a friend of mine did it back in 1988. They said the Titanic was unsinkable...


Obtaining IP using javascript is not impossible or even difficult.


I wouldn't know about this. I am clueless about ActiveX. I doubt that it is true, though. It sounds like deliberate misinformation or something said by somebody who is only fluent in ActiveX.


IE will give info just as freely as it retrieves info.


I never had java enabled. I only tested with java disabled on the client - and - the computer I used for monitoring did not even support java. I wasn't viewing page-source. I used a second computer to monitor all the inbound and outbound packet traffic between the first computer and the website. I sniffed the packets using an application that has nothing at all to do with java.

Have you tested packets while having Java disabled?[/QUOTE]



My bottom line on the whole thing is that I only wanted to determine a fact and establish a definite solution. I was not trying to study every element of how they make it happen.

I love analogies, so here's another: We don't need to know the formula for the alloy they use to make coins or the machine used to stamp them out. All we need to know is that coins exist and then acquire some - then we can spend them. Let others do all the silly over-thinking.

I never said it was *THE* method. I said it *IS* one factor they use. I made it clear that people need to accomodate all other issues IN ADDITION to this ONE that people did not suspect.


I never shot your infos down. I said you were missing something, and I said what exactly THAT was. You try very hard to steer people away from this. .

I think you only volunteer info others have had for a long time. Makes you look like one of us.

I could understand not posting certain things publicly. But this one is so plain, so cut and dry... They can't stop people from spending $5 on a NIC card. They can't do anything about it. It doesn't appear that they have any more tricks up their sleeves ready to bring into play.
They don't want us changing our NIC MAC and neither does ebaykilla.

Because when we implement all the other things we already know and do, this is the last thing they can use. We eliminate this, and they can only profile based on listing and sales behaviour. All quantifiable statistics being taken from them, they know they'll be pissing lots of innocent people off, when their profiling measures finger blameless sellers.

You use 11 screws to hold up the screen door. I use 12. You're saying 12 screws will make the door fall off but 11 is perfect?

That makes more sense, thanks for clearing that up for me, I misunderstood :)

I meant actual ip. Not displayed ip. IE I'm in Kansas, but my tor onion is in France, I obtain the Kansas ip with it.
I never found a way to do that, and I looked for a while.

This leaves me wondering if they aren't using browser exploits.
Not just for IE, but possibly the other ones.
I get how you could probably do this with a windows native Java app, but javascript of VBScript just seem too limited as they're designed to function.

I'm sometimes prone to that ;)

Thanks for taking the time to reply.

LOL...i get it now...Vic thinks I work for ebay or amazon and I am a spy...LMAO!!! OK dude...It is clear you are a person who fears conspiracies....Hey guys change your NIC card..etc etc..But I will tell you that if you go back selling the same items (especially if your stock is over 10 items) you can change your COMPUTER and still get banned! I have done it so I know it is possible. Think of amazon like the lottery...what are the chances of a seller listing 15 of the same items that a banned seller did? I think it is more than one in a million...are there a million sellers on amazon? I think not....If the nic card is an issue then ALL OF MY ACCOUNTS SHOULD GO DOWN AT THE SAME TIME BUT THEY DO NOT, SOME NEVER GO DOWN....I rest my case...think about it....Reduce the probability and you will see success....I only get linked once I get too close towards looking like the banned id. So now I use many ids now to split them up and reduce linking...good luck!

He never disagreed that selling the same items will get you banned.
He just said there was yet another concern to be mindful of.

Logic will tell you that if that is true then all accounts created and running under the same NIC should get wiped out...that's not the case.

Flawed logic is telling YOU that. It occurs to me that maybe the effect is not instantaneous.

From mid-April through July, all of my attempts to succeed with a new account were failing after a short delay. I mentioned this before. 1/2 of those accounts did not list any inventory yet. I took your advice on the last few (to not add a bank account right away). All of those accounts failed. Every one of them. Then I discovered the MAC issue. I changed adapters, and hoe-lee sheet BATMAN! That account LIVED! Well, I caused it to die due to a different error, eventually (lasted longer than the accounts that recycled the NIC). I changed NIC again, and another success. But, much later, I mistakenly added a bank account wrong, and that one died right on the spot, so the cause of death was very very clear.

I'm not alone with my fails, my successes, or my statistics.

So, NIC is one thing. Don't argue. It's true. Bank account is another. Listing pattern is another. Address fits in there along with phone number.

YOU might be getting linked by your sales pattern. But really, for all you know, they might be matching on your NIC but the system might not be processing your exit papers until a week or 4 later. Or your pattern could be killing you faster than the MAC monster can get you. Then again, I'm not sure you are being linked or that you are a seller. You keep changing the subject and/or belittling something you simply can't wrap your head around.

Logic tells me that I know my resume and my education background. I know my career experience in computers and networking. That same logic assures me that my analysis of packet traffic which clearly shows the MAC activity taking place can be fully relied upon to be an accurate assessment. I do know what to look for and how to determine whether it is/was there or not. Fact is, I looked and I found it. You can find it too, if you just look instead of bumping your gums.

Deductive reasoning tells me you are full of fertilizer.

Quit your day job working on the River and sell your pucky on ebay instead.

To be very very clear, I do not suspect you of being employed by ebay.

P.S. - I'll give you all my used NICs if you promise you'll use each one. You can experiment for free. Install one and make an account. Don't list, or even add a bank account. See how long before the account is gone. Repeat the process and make a graph. I'll wager that you will see a 21-28 day life-span. If you adhere to the provision that no activity take place other than logging in and looking around, that will pretty much rule out any other factor that would cause a ban from Amazon - except the MAC.

But you don't have the guts or the integrity to take the challenge, do you? You've got nothing. I suggest you gather it up and go home with it.

hey vic, obviously the Amazon algorithm is making the Network card NIC MAC address the determining factor in pulling acct but you said they were pulling all MACS. looks like a matter of time before the bar is set higher and you are shut down again ?

Not likely going to be a MAC that gets me ever again. I've got spare ethernet cards, a few routers I can work with, a handful of wireless adapters if needed, a couple spare modems...

What's likely to get me in the future is my own absentmindedness or perhaps lack of sleep.

If changing the NIC helps you sleep at night and sell all day...then if it aint broke don't break it. Just as my system works for me I will not change it. It only makes sense to me that if this is how people track you online because it a reliable source then how come eBay doesn't use it? Also if it is a "slam dunk" towards linking, then it should be picked up in a short amount of time just as IP addresses etc are discovered withing 12 hrs on amazon since it is just a matter of matching numbers. I have been linked using various different computers but selling a similar combination of products....so I am still dubious how NIC cards are the reason for linking.

killa,

maybe its a roll out over a few areas like vic implied. It could be nationwide soon.

=====================

vic,

1) I thought they were getting *ALL* MAC's according to your sniffer so wouldnt that mean keyboard, screen, mouse...excuse the ignorance but can they get all those physical MAC's as you would really have change PC then and of course they could update[up the ante] on their 'cancel acct' algorithm at will making life really difficult.

2) Can you recommend a good packet sniffer to me that tells me WHAT data is being pulled ?

3) Of course I cant use Amazon here but as killa said whats to stop gayBay from using the same trial technique amazon seems to be using ? its worrying to say the least unless you have 'some' software engineering experience [ I switched out of my MSc Soft Eng after 1 semester :) ]

4) Isnt the amazon MAC pull illegal in the US or extremely intrusive to say the least. Its seems to border on criminal hacker techniques and could get them some very bad publicity if users think Amazon softw engin are pulling private data from their computers using underhand stealth[irony] techniques ?

Maybe a strong email threat frm a stealth email should be sent to them with a cc to FOX, CNN, ABC, CBS, etc.....uping the ante each time with proof of what they are doing.

To clear the confusion on MAC address, here is the formal definition of it:

In computer networking, a Media Access Control address (MAC address) is a unique identifier assigned to most network adapters or network interface cards (NICs) by the manufacturer for identification, and used in the Media Access Control protocol sublayer. If assigned by the manufacturer, a MAC address usually encodes the manufacturer's registered identification number. It may also be known as an Ethernet Hardware Address (EHA), hardware address, adapter address, or physical address.

Keyboard, screen, mouse, ...etc do not have such an address.

hi bluemoon,

thanks for the response. Okay good so that narrows the 'MAC pull' technique to a manageable finite list of items such as network card, modem, routers,etc,etc

Can you please elaborate what the etc, etc is ??

ap, I should think it means the peripherals to the actual computer. Like the aids that make the whole thing function, eg mouse & key-board.

These 'aids' need not be computer specific (& therefore need nothing to ID them).
That's my story, anyhoos! :ranger:

In TCP/IP networks, the MAC address of a subnet interface can be queried with the IP address using the Address Resolution Protocol (ARP) for Internet Protocol Version 4 (IPv4) or the Neighbor Discovery Protocol (NDP) for IPv6. On broadcast networks, such as Ethernet, the MAC address uniquely identifies each node and allows frames to be marked for specific hosts. It thus forms the basis of most of the Link layer (OSI Layer 2) networking upon which upper layer protocols rely to produce complex, functioning networks.

As for what they are used for: MAC addresses is what computers use to talk to each other. Many people think its simply just IP, but in reality an IP address is basically just an alias for your MAC address. Say you have two computers on the same network with the IPs of 192.168.2.1 and 192.168.2.2. In order for them to communicate, they listen to the data line to see packets from MACs they do not know. When they see one, they secretly record the IP associated with that packet and log it in their ARP (Address Resolution Protocol) table. If they have not yet figured out what MAC belongs to an IP they send out an ARP request. Basically this request just says: "Who is 192.168.2.2?". 192.168.2.2 would then reply with "I'm 192.168.2.2 and my MAC is bla bla". Then that device can now communicate with the other device using the MAC address. (please note the red text. MAC is embedded in every packet)

To get just a little more technical, MAC addresses work on layer 2 of the OSI model. Layer two is the data link layer. This is the layer that computers actually make connections with each other and they do so with the MAC address. Layer 3 is the network layer in which IP resides. To sum it up, MAC addresses are used to make the actual direct connection and IP is used to determine the network on which a computer (or MAC address) resides.

*******
No java is required. The ability for one system to poll another is a standard function of ethernet and other modes of networking - such as firewire...


Hope this ends the debate, answers questions some people have, and influences ebaykilla to learn the basic definition of something before he/she/it decides to contribute empty and often false information.

ebaykilla, read the first few paragraphs a few times. MAC is unique. It was designed from the beginning for the sole purpose of tracing packets back to their unique point of origin. It's always been that way. It's embedded in every packet of data, regardless of the type of data or the origin and destination.

A quick trip over to wikipedia would have saved you much damage to your ego. Had you simply spent 60 seconds on basic research, you would have become smarter instead of continuing to share your stupidity. I have no sympathy for your self inflicted wound. Thanks for taking the bait for so long. It's been entertaining.

thanks vic,

care to give a quick response to my question 3) & 4)

Also based on your last response WHAT IS CUT OFF POINT that Amazon can use when pulling MAC data [ does it stop at the network card, modem & router or can they do 'other' MAC queries. I am trying wrap around my head whether the list of items is finite and what IS THE TOTAL LIST of items that they can query ?

Thanks

thanks Green, I am seeking a specific item list or potential item list that can be queried.

3. nothing is stopping ebay, except they don't want to expend the effort to implement it.

4. Not illegal at all. When Xerox developed the whole thing many decades ago, it was implemented by default. Always happens. The MAC is in every packet all the time. Any networked computer can send an ARP request in addition to the info ALREADY ALWAYS THERE. How's that illegal?

Without MAC addresses, IPs wouldn't get assigned. IP is just the nick-name for your MAC. It's a complicated thing to explain, which is why I don't even try to tell the whole story. Many people's eyes would glaze over.

Suffice it to say, your computer can be identified by the chain of MACs that make up the line of communication from your PC to the WEBz.

MAC is for networking devices, not mice and other innocuous peripherals. Each networking device of any type has a MAC and all the MACs make it into the header of every packet.

The itemized list would be millions of items long.

Networking devices are on the list.
Non-Networking devices are off the list.

Your sound card does not have MAC. Your firewire does. Your USB LED book light doesn't. Your Token Ring does. Etc etc etc.

Your request for a complete list is feasibly impossible. Nobody would live long enough to make it, and you'd be dead before you could finish reading it.

thanks vic,

I didnt mean a list of every item but a list of the 'types' of items. i get you but just to clear..you are really saying that the list is networking items. So without going into the millions of items a safe category list would be :

ALL MODEMS
ALL ROUTERS
ALL NETWORK CARDS

What else would you add to that category list ?

e.g. for me in practice I am thinking I just have worry about my internal laptop wireless card, my wireless router, my ethernet router and my DSL modem. That makes up a total of 4 devices. Am I correct on a practical level ? or can they also query MAC's on my 3 other ethernet connected computers[ network cards ] :) ????

I just want to be prepared in case Ebay decides thats the way they want to go.

Thanks

[I hope you are on the West Coast...its pretty late over there ]

Anything that is part of the communication chain for a TCP/IP based connection would have a MAC address.

In standard practice, only the MACs in the immediate chain should be in the packets. However, and ARP request that tunnels to other points of your internal network will produce results from those other points. That is why when I installed two NIC cards back in April, Amazon detected both cards, even though only one NIC had a CAT5 inserted. The got the first NIC from the header, they ARP'd my PC to get all other MACs in my LAN.

It appears (so far as I can tell) that they don't do that when you register, but instead they check it when you come up for your normal review. They were probably hoping that by NOT doing it at registration time, we might not notice or figure out what happened to cause us to get fingered. That is why we don't get MAC-NUKED within the first few hours but do get MAC-NUKED after a few weeks or so. It will vary for each seller. Busy sellers will go under review sooner (why it happens to me in 21-28 days but doesn't happen to that wannabe ebaykilla for months - he's just not good enough to be important).

They were wrong.

get you... Is there anything else that makes up the "communication chain for a TCP/IP" that MAC's can be pulled apart from modems, routers and network cards ?

Firewire and BlueTooth. Anything that is considered to be a

NETWORK ADAPTER

would qualify for the 'list'.

thanks Vic,

re ebay you said "nothing is stopping ebay, except they don't want to expend the effort to implement it."

You are the master here but come on man, you really think so?? It seems to me that a couple of Ebays junior software/network guys could have a prototype MAC sniffer up, running and testing within days. Anyway maybe Amazon reads the forum here and Ebay doesnt. Maybe we should put this entire thread in the paid section of the forum :)

Look, MAC in headers is nothing new. Been happening in 100% of packets for like 40 years or even longer. The only new thing is Amazon began actually using the info earlier this year. Other systems have been using the header info for tracking a long long time before www was invented. No joke. Really.

ebay could do it if they wanted. It takes nothing more than a parser. No special java or anything. A passthrough parser.

I really don't want to explain networking step by agonizing step. You people think this is new. It's older than I am. Been happening since before I was born. Old news so old people forgot about it being automatic and now it's like air. It's there and nobody thinks about it.

Really, visit wikipedia. Google 'xerox parc mac' (here's a freebie - Upgrading and repairing networks - Google Books - take special note of figures 14.6 and 14.7 where it actually shows a data packet and that source and destination MAC are in every single frame). Xerox invented the windows operating system too. Bill gates bought it for 100 grand. Apple stole it and used it for the Macintosh. Read it. It was in the news. Apple lied. About the same time Compuserve and AOL were dialup text based with no graphics sniffing our MACs to trace our locations in case we were trading stolen credit card numbers. Old news, all of it. Go read, all true. XEROX baby!

No need to move it. They know about it. However, it's about time to drop the whole topic now that it is reasonably well covered. To learn more about networking on a deeper level, it would be more appropriate to find a forum focused on networking.

Here we discuss stealth in depth.