Hypothetical ? regarding network access and MAC address

[makntraks]

Herein I pose a hypothetical question... Lets say I have a laptop I use and I connect to someone elses network using my cable connection. Is it possible that the "MAC" address can be traced back to my laptop? Is it possible to clone a MAC address to make it look like my laptop tried to access the other network??? Also other than the MAC address is there any way to prove it was me if in fact it was??

Again, this is purely hypothetical on my part... Not sure if more info is needed but if do let me know....

Appreciate any answers or comments...
makntraks

[gadgetguy]

Can it be traced? - yes, as long as it's connected. Once disconnected , the MAC may have been stored, but without already knowing that it is your MAC address, it can't be "traced". Of course they can find out what your MAC address is from your laptop.
Can it be cloned? - yes, with the right equipment and assuming they know what your laptops MAC address is.
Other ways to prove it was you? - Prove to who? Are you asking about proving it in a criminal case, or a civil suit, or just because they want to? I can't answer specifics, but there are different burdens of proof in different cases.

[Nelson37]

It is also possible to have two different cards with the same MAC address. From a legal standpoint, this would be like saying you might have an identical twin, therefore DNA evidence would not be absolute proof. This is rare but I have seen it and could produce at least one other extremely qualified technician who could testify to this in a court of law under oath. He works for $150.00 an hour, I charge $75.00.

Yes, MAC can be cloned by another device. To do this to match yours, they would have to have access to your machine or just be extremely lucky to match by random chance. Actually they could get this info from some routers and set it up after the fact. Since you are not a valid network user, they could eliminate the valid users and then identify the offending PC by MAC address. If the plaintiff had ever had acces to your machine, you could contend you were being framed.

If we are talking about being fired as oppossed to a criminal offence, get your resume ready. If a civil case, pay the fine. If you are looking at serious jail time, you have a possible defense to imply reasonable doubt.

[Nelson37]

Just noticed the "cable connection" part. Are you on cable modem? If so, you are actually part of a network with others in your neighborhood. This would bring up the question whether any "shared resources" by any user on your segment is on "their" network or "your" network.

Any actions taken to circumvent security measures on such resources could be evidence of unlawful intent. Looking at openly viewable files "by accident" may or may not be a criminal offense.

If I have a table full of hamburgers in my front yard, my neighbor has no right to come over and eat one. If I put the table in the public street, I have no right to expect others NOT to eat them.

[ozymango]

Herein I pose a hypothetical question... Lets say I have a laptop I use and I connect to someone elses network using my cable connection. (my emphasis)

Nelson37 already touched on this but it's worth further consideration (as I work at a college and we're currently fighting a bunch of bot attacks on our network so we're watching traffic like crazy)... ... and we don't even have to worry about MAC address or anything because you're already CAUGHT because you're using your cable connection.

Your cable connection is based on the MAC/IP address of your cable modem, and you can play with that all you want, or try to, and all it will do is alert your provider that you're up to something. That is, you can have any number of different IP and/or MAC addresses downstream of your cable modem, and try to "hide" them behind whatever spoofing you want to do -- but once your network traffic is routed to the internet via your cable connection, that's gonna mark exactly where all that anonymous traffic came from. So no, there's really no way around being IDd if you connect to somebody else's network from your own network.

Now, if what's happening is that you (hypothetical you!) connect to his network via a wireless connection on his wireless router/switch -- which is what a lot of people like to try to do, if they're finks -- because he hasn't set up wireless security, then it may be possible to "hide" because the only info the cops would have on you would be the MAC address of your network card. And it's pretty easy to spoof a MAC address, so, if proper steps are taken, one could eavesdrop on somebody else's wireless connection with some degree of anonymity.

There are a whole lot of caveats in the above scenario, but the one thing I heartily recommend to everyone with a wireless router is to IMMEDIATELY ENABLE THE HIGHEST LEVEL OF ENCRYPTION/SECURITY that you can. Which can be a pain, I grant you, with the fifteen types of WEP security most routers/cards support, of which none have instructions that make sense in whatever language you speak.

[gadgetguy]

I understood his words to say he connected his laptop to their network using a network cable as opposed to a wireless connection. I didn't consider connecting from the 'wild'. That certainly can be traced through the ISPs. But IMO they would still have to prove he was at the laptop at the time.
Funny how people read the same words and get different meanings.

[ozymango]

Yeah, that also makes sense ... that's the trouble with language, it's too imprecise!

Of course, we're also all sorta assuming that he's talking about a scenario where he's nominally doing something "bad" and he's asking, can I be caught doing this? If so, the answer is most defintitely YES.

Or if it's he's a paranoid type with Kafka-esque visions of somebody pounding on his door at 3am to take him away for downloading "Hit Me Baby One More Time" and stick bamboo shoots under his fingernails for a crime he did not commit, because somebody spoofed his MAC address ... well, I suppose that could happen ... make a fun movie, anyway ... ...

[ViRaL1]

Your own computer's MAC address isn't as much of a smoking gun as the cable modem. Once something gets traced back to your cable modem, the burden of proof is on you to show that the alleged device was not part of your network. As far as MAC addresses go, one an easily go to a store, pick up a wireless card with cash and be virtually untraceable from an open hotspot if they wanted to.

[CrayonEater]

No, all that is needed to clone a MAC address is to find out what the MAC is you want to clone. Most routers offer a MAC cloning feature which allows you to specify your own MAC or clone the MAC of a NIC attached to it. This can also easily be done with many - perhaps, most - NIC cards, with simple software such as SMAC. A MAC address is nothing more than 6 bytes which your NIC is programmed to respond to. MAC spoofing can actually be a useful tool, as well as a form of attack.

As for obtaining your MAC address, a simple sniffer is all that is required. Nelson37 is right in that most routers will log MAC addresses anyway.

[Nelson37]

When he said he plugged into someone else's network, using HIS cable, I assumed cable modem. A direct cable connection into someone elses network would be using their cable. I suppose he could have his own patch cord, but that was just my assumption.