From nobody Mon Nov 7 04:38:21 2022 X-Original-To: questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4N5JQK2tNDz4gsG6 for ; Mon, 7 Nov 2022 04:38:33 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) Received: from holgerdanske.com (holgerdanske.com [184.105.128.27]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "holgerdanske.com", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4N5JQJ368yz4MXn for ; Mon, 7 Nov 2022 04:38:32 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=holgerdanske.com; s=nov-20210719-112354; t=1667795902; bh=qvntQhVklXV8m8JQ+rXlFOJwpOwir0v16J38zVT+eno=; h=Received:Message-ID:Date:MIME-Version:User-Agent:Subject: Content-Language:To:References:From:In-Reply-To:Content-Type: Content-Transfer-Encoding; b=iAnYgTqAmO5VqyyhO0NO6KveffEUPt2v/utTRUFCALj7DqJ8GqUZQkNCqYwSW/BdL 6XN+JnBxc+RFXXNHvdlM3YSjIhB+IUHnsFdQKxrTWi8xPrL2AB/hek8tzRsuOWuK/y DfnSEtBvntt/IuwvfXPggRR1REaMT6LBjoAbnbJ0EWNy0ZRgIswItqtpuPjk56QJZS DpfmaN49SJQ/Xf3Xzjzez2a3CTxyKV43/TDL8NIZV8ziVmA/02yHM4P11ZNdg3H01F m/vVHhtJQpPtIubLy9C36j9Yjqq245wMUj2tzu91mVZaUnhEQAA9Wh+PLMjt34SE26 garFCQTL8pm1BDo1grSGgI4Pbwsyvg4trZzB5lv/aAhWy+tr0VUjw+fVh+JMJE6rVh HvpVKqejQcaPp+MJurZlNDRS5P+3FtVawRBvnKAYzXFLtezs3tIkxDvuxbfU5cxO6c 5k0LKGF/U+W1xO5d3HOBUrjiGAfCpzoXP8+B8ciGYjMlqPEmusXcfFV6fSevti9UlJ R5TtCaQr05NlWw/RFcFsZxUPKP7EXpebUQXiqs4rzCIba7QUPH5eDs7KeSDpoLh7gp I/k2Mowu7sOURqId/6i6KiCcZhx7bzlyMJ+lgxGpBOsPlKfNuU/DxrZaOeH3P/DRvQ B5WDYBkOKYZ16EpzEIsQ1/7s= Received: from 99.100.19.101 (99-100-19-101.lightspeed.frokca.sbcglobal.net [99.100.19.101]) by holgerdanske.com with ESMTPSA (TLS_AES_128_GCM_SHA256:TLSv1.3:Kx=any:Au=any:Enc=AESGCM(128):Mac=AEAD) (SMTP-AUTH username dpchrist@holgerdanske.com, mechanism PLAIN) for ; Sun, 6 Nov 2022 20:38:22 -0800 Message-ID: <5afc435a-ec4e-c7a3-d253-b6f1be652227@holgerdanske.com> Date: Sun, 6 Nov 2022 20:38:21 -0800 List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.4.0 Subject: Re: --solved-- ; well , mostly ; was: my isp has trouble with its own dhcp assignment Content-Language: en-US To: questions@freebsd.org References: <184d5515-80af-50b3-593e-6bc379b441df@risebroadband.net> <64f6a7dd-5c99-1c07-8b4f-27a3f2ecc9af@holgerdanske.com> <95dab92e-1f3f-065f-577d-c8ab21dcd577@holgerdanske.com> <4257bca2-f07a-a29b-847a-b3ba07a7cb8b@risebroadband.net> From: David Christensen In-Reply-To: <4257bca2-f07a-a29b-847a-b3ba07a7cb8b@risebroadband.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 4N5JQJ368yz4MXn X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=holgerdanske.com header.s=nov-20210719-112354 header.b=iAnYgTqA; dmarc=pass (policy=none) header.from=holgerdanske.com; spf=pass (mx1.freebsd.org: domain of dpchrist@holgerdanske.com designates 184.105.128.27 as permitted sender) smtp.mailfrom=dpchrist@holgerdanske.com X-Spamd-Result: default: False [-4.00 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.999]; DMARC_POLICY_ALLOW(-0.50)[holgerdanske.com,none]; R_SPF_ALLOW(-0.20)[+a]; R_DKIM_ALLOW(-0.20)[holgerdanske.com:s=nov-20210719-112354]; MIME_GOOD(-0.10)[text/plain]; DKIM_TRACE(0.00)[holgerdanske.com:+]; ASN(0.00)[asn:6939, ipnet:184.104.0.0/15, country:US]; MLMMJ_DEST(0.00)[questions@freebsd.org]; MIME_TRACE(0.00)[0:+]; FROM_EQ_ENVFROM(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; TO_DN_NONE(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FROM_HAS_DN(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[questions@freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_TLS_ALL(0.00)[] X-ThisMailContainsUnwantedMimeParts: N On 11/6/22 18:01, spellberg_robert wrote: >   i called "tech_support"            [ open sundays ] , >   she probes the nic on the old gateway , >   for its dhcp_addr and its mac_addr . > then , she has me swap the boxen and >   she probes the nic on the new gateway , similarly . > just like that , the new_gw works just_as_well_as the old_gw . > she tells me that the problem is that i had a different mac_addr . > "it's a security thing" , says she . > "you need to call `tech_support' , when you change the mac_addr ." > > "if i move the old_nic to the new_gw , when i swap the boxen , >   then i have , still , the old mac_addr ; >   do i need to call , still ?" , he inquired , hope_fully . > "no , because , then , the mac_addr has not changed" , >   she replied , re_assuringly . >     is there some kind of security issue w/ nic mac_addresses ? Without MAC filtering by the ISP, if someone gains physical access to the modem (antenna), gateway, or the network in between, they could disconnect the gateway, connect their device, and use your Internet connection. MAC filtering will require a skilled technician to change the MAC address of their device to match the MAC address of the authorized gateway; either by moving the NIC or via software. So, congratulations! You are a skilled technician! :-) My UniFi Wi-Fi network has a "MAC Authorization" filter -- either "Deny List" or "Allow List". The Allow List is similar to what your ISP uses. A skilled technician will change their device MAC address (and they will also need the passphrase to connect). Some Apple devices with Wi-Fi have a feature called "Private Addresses", whereby the device provides a different MAC address to each Wi-Fi network it connects to. This is to prevent tracking the device as the user roams across Wi-Fi networks. A skilled technician will make a look-up table (for tracking) and/or change their device MAC address (for impersonation) (and they will also need passphrases to connect): https://support.apple.com/en-us/HT211227 David