get client hardware address (MAC)
| k:arel 2005-10-26, 6:01 pm |
| i'm trying to set up a secure client-server connection (for now without
encryption) and want to verify if the x+1'th message received is from
the same sender as the x'th message
i've tried to print the MAC address via the ioctl, but it complains
that the protocol family isn't supported
/* ******************************************************* */
//...
recv_sd = accept(listen_sd, (struct sockaddr*) &client, &len);
struct arpreq arpreq_;
bzero(&arpreq_, sizeof(struct arpreq));
if( ( n = ioctl(recv_sd, SIOCGARP, &arpreq_) ) < 0 ){
    sendErrorMessage("ioctl error", __FUNCTION__, TCL_ERROR, 1);
}
unsigned char *ptr = &arpreq_.arp_ha.sa_data[0];
printf("MAC: %x:%x:%x:%x:%x:%x\n", *ptr, *(ptr+1), *(ptr+2), *(ptr+3),
       *(ptr+4), *(ptr+5));
//...
/* ******************************************************* */
the client's protocol family is AF_INET and ioctl needs AF_UNRES
is there maybe a way to "convert" a socket's family?
| |
| Måns Rullgård 2005-10-26, 6:02 pm |
| "k:arel" <karelnijs@gmail.com> writes:
> i'm trying to set up a secure client-server connection (for now without
> encryption) and want to verify if the x+1'th message received is from
> the same sender as the x'th message
>
> i've tried to print the MAC address via the ioctl, but it complains
> that the protocol family isn't supported
You can't rely on MAC addresses (or any other addresses) for
security. If you need security, use something like SSL.
--
Måns Rullgård
mru@inprovide.com
| |
| David Schwartz 2005-10-26, 6:02 pm |
|
"k:arel" <karelnijs@gmail.com> wrote in message
news:1130357139.665773.34850@g44g2000cwa.googlegroups.com...
> i'm trying to set up a secure client-server connection (for now without
> encryption)
Umm, then what makes it secure?
> and want to verify if the x+1'th message received is from
> the same sender as the x'th message
Okay, then you need some way to identify the sender.
> i've tried to print the MAC address via the ioctl, but it complains
> that the protocol family isn't supported
There are many problems with this approach:
1) The MAC address could easily be known to an attacker. An attacker can
easily spoof his MAC address.
2) The MAC address identifies the sender of the *ethernet* packet, not
the IP packet. The ethernet packet is often sent by a router or gateway. An
attacker could easily send packets through the same gateway and thus get the
same MAC address.
When you say you want a "secure" connection, what do you mean by
"secure"? What is it supposed to be impossible (or difficult) for an
attacker to do?
DS
| |
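Added example, not part of any post in this thread: one way to tell that message x+1 comes from the same sender as message x without relying on any address is to have the sender prove knowledge of a key on every message. The sketch assumes a pre-shared 32-byte key; the frame layout and the names `seal` and `Receiver` are hypothetical, and it provides authentication and replay rejection only, not confidentiality.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # HMAC-SHA256 output size


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Frame = 8-byte big-endian sequence number | payload | HMAC tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Accepts a frame only if the tag verifies and the sequence number advances."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, frame: bytes):
        if len(frame) < 8 + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # sender does not hold the key, whatever its address
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:
            return None  # replayed or reordered frame
        self.last_seq = seq
        return body[8:]


def demo():
    key = os.urandom(32)  # constructed: stands in for the pre-shared secret
    rx = Receiver(key)
    first = seal(key, 0, b"volume up")
    second = seal(key, 1, b"volume down")
    forged = seal(os.urandom(32), 2, b"power off")  # same network path, wrong key
    return [rx.accept(first), rx.accept(second), rx.accept(forged), rx.accept(first)]


if __name__ == "__main__":
    print(demo())
```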
| Gordon Burditt 2005-10-26, 6:02 pm |
| >i'm trying to set up a secure client-server connection (for now without
>encryption) and want to verify if the x+1'th message received is from
>the same sender as the x'th message
Between what and what? If it's not on your LAN, you'll just see
the MAC address of your router for the entire Internet except
your LAN.
Gordon L. Burditt
| |
| k:arel 2005-10-27, 2:48 am |
| You guys are right. Actually, it's basic networking theory and i
didn't think of it.
I'm writing a thesis about securing a home made protocol for a remote
control application (run by a Tcl GUI).
Yesterday, i was doing a security analysis and picking out the weak
points. So i came up with that it would be good to take some
countermeasures against spoofing
my analysis will be online soon, but will be written in Dutch :-(