In theory MAC addresses are unique!
Not really. But even so, theory is a poor base for explanation of what is going on. That theory was proposed back in the late 1960s when Ethernet was new, and the MAC address scheme was hoped to be a universal addressing scheme (such as IP addresses became some time later).
But - of course - i do not see it as a really unique identifier.
How do your readers/listeners see them, then? If they go by your words, they must interpret the word 'unique' to men 'not really unique'.
And something unique is … unique, for want of a better term. There are no duplicates. Not even one. One single duplicate destroys the uniqueness.
Most network books I've seen say something about MAC addresses being unique for all practical purposes within a specific LAN – as they wouldn't work properly otherwise, and that is fairly easy to discover. And that's usually enough for network technicians.
MACs are only changed by professionals, not by the average user or offender.
Well, that's probably where we differ. I don't know any research that backs up that statement … so I would never make it. And I don't believe very much in forensics by statistics unless it is backed up by really solid research.
The previous owner of the computer or the NIC could have done so. The user himself could have done so as part of a course on networking … or by mistake while fiddling with network configuration dialog boxes – it's easy to press OK instead of Cancel. There are even home routers that mirror the internal client MAC address on the external interface … do they work consistently, or can they keep an external MAc address even though that original device is not actually on the network anymore? A support technician could have done it while troubleshooting a network problem. A dishonest dealer could have done it. A 'Microsoft support technician' (those who call you and say you have malware on your system, and that they are calling to help you …) could have done it …
Or it could have been changed as part of the 'locally administered MAC address space', in which consideration of universal uniqueness do not apply you can do what you like there. That's probably more unusual, but it's still a part of the design of MAC addressing, and so must be taken into account.
And several years ago I saw a proposal by Cisco to create a DHCP-like service, but for MAC addresses … and I have no idea what has happened since then. I can't exclude the possibility that there are such services today, in special networks.
It still astonishes me that anyone would answer a question 'And is this MAC address unique and therefor an indication of what equipment was involved?' with any other answer that 'Haven't the slightest idea'.
This is one of these areas that I suspect that computer forensics may come a cropper over, as the FBI currently is over hair and bite mark comparisons.
And those, incidentally, are areas in which use of imprecise terminology in presentation of evidence has been criticized very severely.
TL;DR – Don't say 'unique' unless you really mean it -)
Look up FBI Playpen, as linked below
http//
Quote from article
Basically, if you visited the homepage, and started to sign up for a membership, or started to log in, the warrant authorised deployment of the NIT,” Fieman said. From here, the NIT would send a target's IP address, a unique identifier generated by the NIT, the operating system running on the computer and its architecture, information about whether the NIT had already been deployed to the same computer, the computer's Host Name, operating system username, and the computer's MAC address.
If i understand your post correctly, its in a similar nature to what the FBI implemented.
@dandaman_24
We are back at square #1.
Can a website collect the MAC address of a computer connected to it via the internet?
NO, the MAC address is "internal" to the "local" network, to gather it some (malicious, normally not allowed) code needs to be executed on the actual computer.
So, unless you "infect" the computer you cannot get its MAC address from "outside".
Then, even if you get it, not necessarily it is a "good enough" identification of a machine as it can be easily spoofed.
@athulin
Nice definition of "unique" )
jaclaz
On older systems running old windows services (XP and earlier), you can remotely query the service and extract the MAC address. Scripting this using access logs for input is a nobrainer.
Later systems have similar services that can be queried remotely, however new systems have firewalls enabled by default so.