MAC vs IP
So we have an IMEI and a SIM number, a CNIC number and a telephone number, and a MAC and an IP address.
Suppose a computer with the IP 192.168.1.2 has to be referred to. A broadcast is sent all over the network. Whichever machine has the 1.2 IP replies with its MAC address, and the IP is then mapped to that MAC.
Now suppose we don't have MAC addresses. A broadcast is sent over the network, and a machine replies that yes, it is 1.2. How can you be assured that this is the case? What identification does 1.2 have to show that it really is who it says it is?
Analogies
It is just like the case where I may have your phone number, but I do not have your CNIC (or SSN) number. I call you and you tell me you are Mr XYZ. I cannot verify that. So you send your CNIC number to me, and I make a mapping between your phone number and your CNIC. That's it. Now whenever I call that number, I can be sure that it is the intended person.
MAC Forging
What if you send me someone else's CNIC number? Well, this is theoretically impossible, because each machine has ONE MAC, and it is BURNT into the hardware. It doesn't live in memory where we might be able to access it and change it. It is inside the hardware, burnt into it.
If somehow we find a way to change a MAC address, it will be a disaster. Suppose 192.168.1.3 is the machine I'd like to talk to, and I send a broadcast. 1.3 replies with the MAC address of, let's say, a different machine (with IP 1.5). Now all traffic intended for the machine 1.3 would go to the machine whose MAC address was provided (1.5).
This means that if I send a file through any software like VYpress to the machine 1.3, the machine with the IP 1.5 would actually be receiving it.
However, you can't get away with this. If you forged the MAC, you'll get caught. Consider the following. Suppose someone now wants to send a message to the machine 1.5. When 1.5 replies with its MAC, it will be the same as the MAC provided by 1.3. This is the point where the system would detect a forgery and take action. All this is because the machine knows the rule of thumb: no two MAC addresses on earth can be the same.
If two machines come up with the same MAC, then one of them is lying.
Once this is confirmed, any number and sequence of steps can be taken to identify the lying machine and force it either to correct itself or to disconnect from the network. But all this only happened because a message destined for the 1.5 machine came up. Had that not been the case, the machine 1.5 would still keep on receiving information destined for 1.3.
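The duplicate-MAC check described above, as an added example that is not part of the original post: it records which IP claimed which MAC in each broadcast reply and flags any MAC claimed by two IPs. The reply list, the MAC values and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (ip, mac) pairs as seen in replies to address-resolution
# broadcasts, in arrival order. The MAC values are made up for illustration.
OBSERVED_REPLIES = [
    ("192.168.1.2", "00:11:22:33:44:02"),
    ("192.168.1.3", "00:11:22:33:44:05"),  # 1.3 answers with 1.5's MAC
    ("192.168.1.5", "00:11:22:33:44:05"),  # later, 1.5 answers with its own MAC
]


def normalize_mac(mac):
    """Lower-case and use ':' separators so equal MACs compare equal."""
    return mac.strip().lower().replace("-", ":")


def find_duplicate_macs(replies):
    """Return {mac: sorted list of IPs} for every MAC claimed by 2+ IPs."""
    claims = defaultdict(set)
    for ip, mac in replies:
        claims[normalize_mac(mac)].add(ip)
    return {mac: sorted(ips) for mac, ips in claims.items() if len(ips) > 1}


def first_detection_index(replies):
    """Index of the reply at which a duplicate MAC first becomes visible,
    or None if the replies seen so far never conflict."""
    owner = {}  # mac -> first IP seen claiming it
    for i, (ip, mac) in enumerate(replies):
        mac = normalize_mac(mac)
        if owner.setdefault(mac, ip) != ip:
            return i
    return None


if __name__ == "__main__":
    for mac, ips in find_duplicate_macs(OBSERVED_REPLIES).items():
        print(f"ALERT: {mac} claimed by {', '.join(ips)}")
    print("conflict visible at reply #", first_detection_index(OBSERVED_REPLIES))
```

Run on only the first two replies, the check reports nothing, which is the gap the post points out: the forgery stays invisible until 1.5 itself answers a broadcast.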
MAC Spoofing
The above is a case of MAC spoofing, in which a user steals a MAC from a network. The user then gets past the MAC filtering that is applied on some networks. A MAC filter maintains a list of MAC addresses that are allowed access to the network. If I were able to spoof on the network through some means and catch a MAC, I could illegally enter the network as well by using one of the allowed MACs that I caught.
IP is a logical addressing scheme. It takes us from network to network. When a packet reaches the destination network, that network has the EXACT physical address of the machine, so the packets are then delivered.
Suppose a machine in the USA wants to send a packet to a machine in Pakistan. It would have been really ugly to maintain a huge list of MAC addresses somewhere. Hence, when www.yahoo.com sends a packet to a PC in Pakistan, it just has an IP address. When the packet reaches the network in which the user exists, that network has the exact physical address of the machine mapped to the IP that Yahoo was using. That's how the packet reaches the exact machine.
The IP system is a hierarchical system. An IP address is a logical construct, while a MAC address is a random construct.
If www.yahoo.com tried to use a MAC directly, it wouldn't be able to, because a MAC address is just gibberish. It doesn't say anything, and it was not made for this purpose either. An IP address, however, has much to say. IP classes, subnets, and the fact that gateways and routers understand them are the reason why www.yahoo.com would use the IP address for finding the client.
It is just like a phone number, which at times has a logical construction: the first digits for the country, the next for the city and the rest for the suburb, etc. By comparison, the CNIC number has no such locale information.