Banned at work. Unban please.
December 25, 2008 12:59 PM Subscribe
I mistakenly ran p2p software on my laptop while connected to my company's wireless. Now my laptop is prevented from connecting. I'd like to unban it again.
So I don't use computers where I work, but we have wireless in the building and I used to bring my laptop in and use their signal. A week or so ago, I was downloading something from a friend, then closed the laptop.
The next morning, I went to work and opened the laptop, forgetting that I had the app running. After 5 minutes or so, I discovered I was blocked.
I'd never intentionally download anything at work. But I do write and blog from work and now cannot. How have they banned my computer? Do they see a MAC address, or have they put a cookie on the harddrive?
Mac 10.4.11, was running Azureus.
So I don't use computers where I work, but we have wireless in the building and I used to bring my laptop in and use their signal. A week or so ago, I was downloading something from a friend, then closed the laptop.
The next morning, I went to work and opened the laptop, forgetting that I had the app running. After 5 minutes or so, I discovered I was blocked.
I'd never intentionally download anything at work. But I do write and blog from work and now cannot. How have they banned my computer? Do they see a MAC address, or have they put a cookie on the harddrive?
Mac 10.4.11, was running Azureus.
Also, you'll need to verify that your wireless uses en1 - it might be something else. If you run 'ifconfig' from the command line, it will tell you what network devices you have. Run System Preferences -> Network -> Airport to see what your current wireless mac address is, and then use ifconfig to find which network device it's associated with. Replace en1 in the command above with the appropriate network device.
posted by zippy at 1:18 PM on December 25, 2008
posted by zippy at 1:18 PM on December 25, 2008
Slightly clearer description of spoofing a mac address.
posted by zippy at 1:27 PM on December 25, 2008
posted by zippy at 1:27 PM on December 25, 2008
Response by poster: What effect will changing the mac address have on my home network?
Also, thanks for taking all that time on xmas!
posted by nevercalm at 1:54 PM on December 25, 2008
Also, thanks for taking all that time on xmas!
posted by nevercalm at 1:54 PM on December 25, 2008
What effect will changing the mac address have on my home network?
Unless you're doing MAC-based filtering on your router, or something else specifically MAC-related - and you'd know it, you'd have set it up that way yourself - none at all.
posted by Tomorrowful at 1:55 PM on December 25, 2008
Unless you're doing MAC-based filtering on your router, or something else specifically MAC-related - and you'd know it, you'd have set it up that way yourself - none at all.
posted by Tomorrowful at 1:55 PM on December 25, 2008
Warning, in the unlikely event that you pick a number in use by someone else on your local network, it will cause connectivity problems for you and for them.
Even if you pick a MAC address that doesn't conflict, your network admins will be able to tell that you're spoofing a MAC address. Whether they care enough to monitor for such a thing is uncertain.
posted by oaf at 1:56 PM on December 25, 2008
Even if you pick a MAC address that doesn't conflict, your network admins will be able to tell that you're spoofing a MAC address. Whether they care enough to monitor for such a thing is uncertain.
posted by oaf at 1:56 PM on December 25, 2008
As an admin myself I would recommend you tell whoever's in charge of the network that you made a mistake, you will be careful to make sure it won't happen again, and to please remove the block.
Trying to disguise your machine and sneak past whatever protection they have set up (and yes, this is not to inconvenience you, it's to protect the company) is a SURE way to get on their bad side. You may even lose your job.
posted by fritley at 2:09 PM on December 25, 2008 [1 favorite]
Trying to disguise your machine and sneak past whatever protection they have set up (and yes, this is not to inconvenience you, it's to protect the company) is a SURE way to get on their bad side. You may even lose your job.
posted by fritley at 2:09 PM on December 25, 2008 [1 favorite]
Response by poster: In the corporation I'm essentially a daily hire (tho I've worked at the same place, in the same job, for years), and I have very little connection to the corporate (and IT) structure...I barely know who my HR people are, much less IT.
If you can tell a mac address is being spoofed, can't you then take measures to prevent machines with spoofed addresses from accessing the network?
posted by nevercalm at 2:18 PM on December 25, 2008
If you can tell a mac address is being spoofed, can't you then take measures to prevent machines with spoofed addresses from accessing the network?
posted by nevercalm at 2:18 PM on December 25, 2008
Even if you pick a MAC address that doesn't conflict, your network admins will be able to tell that you're spoofing a MAC address.
I dunno about that. The only technique I find for identifying faked MACs can only detect totally bogus MACs--an address that doesn't start with a valid, IEEE-allocated organization identifier. If you pick a legal (viable) MAC that just doesn't happen to be your own, and you do this before you sign on to the network, I can't imagine how it would be detected. It's not as if you can ask an ethernet endpoint "No, seriously, what's your real MAC?"
So, MAC spoofing is probably the way to go if you really can't get through to IT.
But, it's going to be way less convenient than just calling up IT and explaining the situation to them--even if you don't know them. This sort of thing happens all the time, and even if they don't know you, the fact that you're not trying to bypass the ban is generally seen as evidence that it was a mistake. They probably won't unban you a second time, though, so be careful.
posted by Netzapper at 4:26 PM on December 25, 2008
I dunno about that. The only technique I find for identifying faked MACs can only detect totally bogus MACs--an address that doesn't start with a valid, IEEE-allocated organization identifier. If you pick a legal (viable) MAC that just doesn't happen to be your own, and you do this before you sign on to the network, I can't imagine how it would be detected. It's not as if you can ask an ethernet endpoint "No, seriously, what's your real MAC?"
So, MAC spoofing is probably the way to go if you really can't get through to IT.
But, it's going to be way less convenient than just calling up IT and explaining the situation to them--even if you don't know them. This sort of thing happens all the time, and even if they don't know you, the fact that you're not trying to bypass the ban is generally seen as evidence that it was a mistake. They probably won't unban you a second time, though, so be careful.
posted by Netzapper at 4:26 PM on December 25, 2008
Oh, I should mention that fritley is right. If they do catch your spoofing, you will be on the receiving end of both barrels loaded with double-O shit.
posted by Netzapper at 4:28 PM on December 25, 2008
posted by Netzapper at 4:28 PM on December 25, 2008
Yes, I should withdraw my advice - spoofing is not a good solution to this problem, especially since you aren't on a first-name basis with your IT team.
posted by zippy at 5:48 PM on December 25, 2008
posted by zippy at 5:48 PM on December 25, 2008
Let's not forget it could also be done with an ip (depending on their leasing practices) and/or hostname.
I agree banning by mac address is way more likely, but should spoofing not resolve anything, there are other methods to consider.
posted by jtarchi at 5:50 PM on December 25, 2008
I agree banning by mac address is way more likely, but should spoofing not resolve anything, there are other methods to consider.
posted by jtarchi at 5:50 PM on December 25, 2008
Response by poster: OK, jtarchi, I'm open to suggestion....
There are far too many great answers here to mark as "best," so I'd just like to thank everyone for the genuinely enlightening discussion.
posted by nevercalm at 7:16 PM on December 25, 2008
There are far too many great answers here to mark as "best," so I'd just like to thank everyone for the genuinely enlightening discussion.
posted by nevercalm at 7:16 PM on December 25, 2008
Jtarchi- Those IP leases? They're maintained by the MAC address. Release the IP address, pick a new MAC address, and there's no way practical to tell its the same laptop connecting to wireless.
posted by meta_eli at 8:22 PM on December 25, 2008
posted by meta_eli at 8:22 PM on December 25, 2008
If you pick a new MAC address xx:xx:xx:yy:yy:yy where the xx:xx:xx part is the same as what's in your existing MAC address, you'll still have a MAC address with a valid org identifier without having to go and look those up.
But seriously, your best bet is to find out who your IT support person is and buy them beer.
posted by flabdablet at 7:30 AM on December 26, 2008
But seriously, your best bet is to find out who your IT support person is and buy them beer.
posted by flabdablet at 7:30 AM on December 26, 2008
If you pick a legal (viable) MAC that just doesn't happen to be your own, and you do this before you sign on to the network, I can't imagine how it would be detected.
Pattern analysis (after the fact, naturally), plus the fact that most OSes are really bad at maintaining the façade 100% of the time.
I recall an incident where someone spoofed the MAC address of another machine that was not connected to the network, and was indeed hundreds of miles away at the time. They did something that almost got the innocent, absent party into a great deal of trouble. Log analysis after the innocent party said "What are you talking about? My computer and I were in a different time zone for days on either side of either incident." revealed exactly which computer was forging that particular MAC address.
Release the IP address, pick a new MAC address, and there's no way practical to tell its the same laptop connecting to wireless.
Yes, there is. If you kept this up for a year, it's a safe bet that if they actually care that you're doing this, you'll be caught. The likelihood that they care is probably pretty low, but it's not zero.
posted by oaf at 10:31 AM on December 28, 2008
Pattern analysis (after the fact, naturally), plus the fact that most OSes are really bad at maintaining the façade 100% of the time.
I recall an incident where someone spoofed the MAC address of another machine that was not connected to the network, and was indeed hundreds of miles away at the time. They did something that almost got the innocent, absent party into a great deal of trouble. Log analysis after the innocent party said "What are you talking about? My computer and I were in a different time zone for days on either side of either incident." revealed exactly which computer was forging that particular MAC address.
Release the IP address, pick a new MAC address, and there's no way practical to tell its the same laptop connecting to wireless.
Yes, there is. If you kept this up for a year, it's a safe bet that if they actually care that you're doing this, you'll be caught. The likelihood that they care is probably pretty low, but it's not zero.
posted by oaf at 10:31 AM on December 28, 2008
This thread is closed to new comments.
Here's the command to change it. You need to run this from the command line (Applications->Utilities->Terminal)
sudo ifconfig en1 ether xx:xx:xx:xx:xx:xx
Where xx are hexadecimal numbers (i.e., 4f:33:...)
Warning, in the unlikely event that you pick a number in use by someone else on your local network, it will cause connectivity problems for you and for them.
posted by zippy at 1:13 PM on December 25, 2008 [1 favorite]