It may only be possible on some brands and even specific models. I've only done it with a few modems as proof of concept. Personally, I use as many modems as I need and I connect them via ethernet through a router. I change MAC as freely as I like. Dual-connecting eth/usb is not particularly useful to me.
Perhaps your modem is incompatible or you aren't using the proper proceedure. There are video tutorials on YouTube that clearly demonstrate how to do it for a few different modems.
Quote:
Originally Posted by SimplyComplex  I've tried this on three different computers and it never worked.
You always have to unplug one and reset the modem. |
I can't say how they were doing it. I wasn't worried about 'how'. I was more interested in the bottom line. Was it happening? The answer was 'yes'. Knowing how would have been useless to me. Since I would have no way to modify their end in a way that would prevent it. 'How' is irrelevant and would have been a waste of my time. All I needed to know was 'if'. My solution was fast and simple. Take the NIC out of the PCI slot. Put a new one in. Spoofing the NIC MAC didn't work. The factory MAC was still being pulled even after the spoof. NIC spoofing is nothing more than a registry entry. Anything that polls the NIC MAC without asking the registry would get the real MAC, avoiding the spoofed info. (definition of two terms: poll=to request data / pull=to get the data requested)
To be clear: They were getting the modem MAC too. Apparently they weren't implementing anything related to the modem MAC, though.
Whatever they were doing to get the MACs, it was getting EVERY MAC in the machine. Even though I wasn't connected from both modems and my 2 wireless adapters, it was getting all of the MACs. Which is why I didn't suggest people install 2 NICs and just switch back and forth. Install one, use it, remove it, install the other, use it, remove it, install the original one, lather rinse repeat.
Quote:
I do have a question for you though.
How is it that they're polling the network card's MAC and not the modem's MAC?
|
I'm not especially fluent in java. It can be done. A friend of mine used to spoof the pages of popular websites back in the early '90s, with the intent of harvesting personal data. He used java somehow and was successful. He's very wealthy and no longer resides in the United States or uses the name his mom and dad gave him when he was born, therefore I can't ask him. I can say that I doubt he was using java to communicate directly to the remote NIC. My suspicion is that he was simply doing some sort of BIOS call through the operating system.
Quote:
|
I did a Google search and I was a bit surprised to see some people claim that a MAC address can be obtained with only Javascript.
|
According to me, I wouldn't take the word of any company that claims .anything. is impossible. They used to say lasers could not generate a 3D hologram in mid-air. I and a friend of mine did it back in 1988. They said the Titanic was unsinkable...
Quote:
Unfortunately, no one distinguished between network MAC and modem MAC.
And according to Sun this isn't even possible.
|
Obtaining IP using javascript is not impossible or even difficult.
Quote:
|
Up until your post about checking the packets, I honestly thought everyone blaming the MAC address were wrong. I'd never before seen this type of code. I remember years ago trying to obtain a simple ip address from Javascript and it wasn't possible.
|
I wouldn't know about this. I am clueless about ActiveX. I doubt that it is true, though. It sounds like deliberate misinformation or something said by somebody who is only fluent in ActiveX.
Quote:
I guess the standard has evolved quite a bit in the last few years.
According to posts hereIt's possible to get MAC from javascript, only when using ActiveX.
|
IE will give info just as freely as it retrieves info.
I never had java enabled. I only tested with java disabled on the client - and - the computer I used for monitoring did not even support java. I wasn't viewing page-source. I used a second computer to monitor all the inbound and outbound packet traffic between the first computer and the website. I sniffed the packets using an application that has nothing at all to do with java.
Have you tested packets while having Java disabled?[/QUOTE]
My bottom line on the whole thing is that I only wanted to determine a fact and establish a definite solution. I was not trying to study every element of how they make it happen.
I love analogies, so here's another: We don't need to know the formula for the alloy they use to make coins or the machine used to stamp them out. All we need to know is that coins exist and then acquire some - then we can spend them. Let others do all the silly over-thinking.
