Privacy/Security: How to change my IP address daily or weekly on DSL

The only minor gotcha I know about is there is apparently a (hidden?) bit on the MAC address which indicates whether you are using the burned-in MAC or a modified MAC.

So, as far as I know, the only thing they can tell is that you're not using the original MAC ... but that in and of itself doesn't give them the original MAC (AFAIK).

The problem with this assumption (of the change bit) is that means the MAC address is NOT the FF-FF-FF-FF-FF-FF we think it is because that doesn't allow for the change bit. This change-bit part confuses me.

Hi Warren Oates, I think this particular question is still out for a reasonable jury to decide.

My hypothesis (needs to stand the test of reason) is that all "they" know about the computer and owner is the (bogus) MAC address and the fact that the bogus MAC address is not the original burned-in MAC address (due to a presumed change bit being flipped that you can not unflip once you change the MAC address). They don't have any other identifying information (other than the content of the messages sent by this means).

One other question I have is what happens if you change the MAC address back.

Does than 'unchange' the change bit on the MAC address?

Hi Dana,

We're getting somewhere here. I'm sorry I was so thick as to not understand prior comments about changing the MAC address not adding privacy under most curcumstances. But, I still think under the free hotspot circumstance, changing the MAC address is additive to privacy.

I can answer your concerns above - having done it many times . yes no maybe

Yes you can change your MAC address (it's trivial). MacMakeUp changes the MAC address on a Windows computer.

No, the ISP doesn't care one twit (I've done it hundreds of times and nothing bad has happened).

Maybe there is a change bit (I read that somewhere) in the MAC address so the ISP and the hotel lobby both know you changed the MAC address. In the case of the ISP, they never had your original MAC address (since I changed it looong ago before joining my current ISP) ... so all they ever had were the random MAC addresses but they can associate some of those random MAC addresses to me so I must be careful not to reuse them.

As other's have said yes a script can do this, however, what you'd likely accomplish is releasing/renewing the lease of the IP on your LAN (ie: between your computers and access point/router). What you really want to accomplish is scripting a release/renew (with a hour or two between aparently) between your modem and ISP, which is not easily accomplished.

Hmmm... I am learning of the subtlties of privacy.

CASE 1 (ISP from a home network): Is it true that the ISP never sees the spoofed PC MAC address; the ISP only sees the ROUTER MAC address?

CASE 2 (modem dialup to NetZero from a blocked phone): NetZero only sees your spoofed MAC address assuming you obtained the NetZero software separately (e.g., from a library computer). However, the initial establishment of an account may provide identifying information since it requires an email address and a valid ISP just to download the NetZero software. Even if you saved the NetZero software on a flash card, you still would have needed to establish an initial connection to NetZero to obtain the software even if that were years ago - which is the weak link (as far as we can tell).

CASE 3 (free hotspot): It seems that changing the MAC address prior to connection is additive to privacy. I think there is a "change bit" which indicates the MAC address were changed but I am unsure of that.

Hi kingthorin, I much appreciate your willingness to help and your reasonable ideas. What always works is to unplug BOTH the modem & router overnight.

Note an "ipconfig /all" does NOT tell us the new IP address of the ROUTER; I have to obtain the new router IP address from my NNTP server posting line in my subsequent USENET posts.

Also note that I can't seem to "force" the PPPOE dialup by the router from the computer so often I need to unplug and replug in the linksys router to force the router to dial into the dsl isp.

Is there any way you know of to force the linksys router to dial into the PPPOE account on demand?

Oh my!

I finally understand I've been changing the wrong MAC address in the case of the ISP because in this home-networking case, I am behind a ROUTER.

So, it's the router's MAC that I should have been changing.

Ouch. I was dumb. I was wasting my time.

I don't know how to change the linksys router's MAC yet. But, even so, I understand that in CASE 1 (home ISP), changing the MAC isn't additive to privacy so it's a moot point.

But, if I did change the router's MAC, it _might_ wreak havoc with the ISP as you noted (I would assume not though as you can change routers all you want and it shouldn't bother the ISP).

I am learning from you all! THANKS

More akin to how they busted foley. Just by using your internet account. For a lot of us, that is our always on connection to the internet. You logged on to the internet from somewhere.

That was my point about the MAC. His changing it made no change in identifying him, if someone really wanted too.

This really is now getting into computer forensics, kind of interesting.

I have needed to change MAC's for a couple of systems I worked on. I never really dug that deep, I only knew that it was called a software MAC when I would direct the PC to use the MAC I gave it, instead of the burned in address. I read what Warren wrote, and I am now going to dig into that.

No, if you are using the changed MAC address, they will not see the burned in address, which really only identifies the NIC.

Besides the change bit, I tend to agree with the hotspot. But you would have to change the address before an initial connection.

Correct because they have no idea how many computers you may own or have access to. They give you the login information, not a paticular device.

This topic has really opened up some interesting issues.

But even at that, if you are doing this from a DSL or cable modem or dial up internet account, you have to log in. So once you log in with your account info, whatever mac address you use will be associated to your name. The only way around that would be to set up an account with a different name. That may work for awhile with a dial up account, but with a DSL or cable Modem that is actually kind of placed at a paticular residence, just changing your name may not hide the identity.

You may want to post this question to the hacker type groups

Not your router, but the cable modem or DSL modem, that is the last address prior to hitting the network, so that would be the address to change, but then that is usually your providers equipment, and they would probably be a tad upset about you getting in there making changes like that.

I may be wrong here, but I believe the NNTP posting host will be a news server from the ISP. So depending on how many news servers they have for where you connect, this address may not change that often if you post from the same location.

Gotta add my 2 cents to this:

You use many real world examples to try and justify what you are trying to protect. But changing your IP is not really the same thing as closing the bathroom stall door as you put it. It more like just moving over to the next stall.

Closing the blinds, closing the door, closing your windows, locking your car. All firewall similes. Going out and moving your car a couple of spots over, that would be changing your IP.

Leaving your purse in the shopping cart. vs Leaving your purse in the shopping cart in one aisle over. Same end effect as changing your IP. The person that wants the purse only has to walk one more aisle over. Don't know about you, but that doesn't take much effort if I want that purse.

Now locking your doors and rolling up your windows (firewall) vs locking your doors and rolling up your windows and moving your car over a couple of spots in the same parking lot (firewall and changing IP) added nothing for security. It just means the person looking just had to move over a couple of spots. Not only is this useless but it doesn't take real amount of time. Once again, walking that extra little bit if I want your car or its contents isn't going to do anything.

Also, you grabbed another posters information earlier to show the ease to retrieve informaiton. Question is, was this information that the poster had freely posted before? I find it safe to assume that if I were to post it, then people are going to know about it. If I don't want people to know it, I don't post it. So really, to say you've discovered something about a person when the person sat there and told a large group of people isn't much of an acomplishment.

Since I am posting from a static address, people are going to be able to tell where I work. Good for them. Here I'll make it easy: I work for a company called PAMI. Now people know and will be able to look it up for a long time to come. Does it matter? Of course not. Had it mattered I wouldn't have posted it. So if you do not people knowing were you work or such information, don't post it.

director wants ISPs to track users Declan McCullagh, for News.com

FBI Director Robert Mueller on Tuesday called on Internet service providers to record their customers' online activities, a move that anticipates a fierce debate over privacy and law enforcement in Washington next year. "Terrorists coordinate their plans cloaked in the anonymity of the Internet, as do violent sexual predators prowling chat rooms," Mueller said in a speech at the International Association of Chiefs of Police conference in Boston. "All too often, we find that before we can catch these offenders, Internet service providers have unwittingly deleted the very records that would help us identify these offenders and protect future victims," Mueller said. "We must find a balance between the legitimate need for privacy and law enforcement's clear need for access." The speech to the law enforcement group, which approved a resolution on the topic earlier in the day, echoes other calls from Bush administration officials to force private firms to record information about customers. Attorney General Alberto Gonzales, for instance, told Congress last month that "this is a national problem that requires federal legislation." Justice Department officials admit privately that data retention legislation is controversial enough that there wasn't time to ease it through the U.S. Congress before politicians left to campaign for re-election. Instead, the idea is expected to surface in early 2007, and one Democratic politician has already promised legislation. Law enforcement groups claim that by the time they contact Internet service providers, customers' records may be deleted in the routine course of business. Industry representatives, however, say that if police respond to tips promptly instead of dawdling, it would be difficult to imagine any investigation that would be imperiled. It's not clear exactly what a data retention law would require. One proposal would go beyond Internet providers and require registrars, the companies that sell domain names, to maintain records too. And during private meetings with industry officials, FBI and Justice Department representatives have cited the desirability of also forcing search engines to keep logs - a proposal that could gain additional law enforcement support after AOL showed how useful such records could be in investigations. A representative of the International Association of Chiefs of Police said he was not able to provide a copy of the resolution. Preservation vs. retention At the moment, Internet service providers typically discard any log file that's no longer required for business reasons such as network monitoring, fraud prevention or billing disputes. Companies do, however, alter that general rule when contacted by police performing an investigation-a practice called data preservation. A 1996 federal law called the Electronic Communication Transactional Records Act regulates data preservation. It requires Internet providers to retain any "record" in their possession for 90 days "upon the request of a governmental entity." Because Internet addresses remain a relatively scarce commodity, ISPs tend to allocate them to customers from a pool based on if a computer is in use at the time. (Two standard techniques used are the Dynamic Host Configuration Protocol and Point-to-Point Protocol over Ethernet.) In addition, Internet providers are required by another federal law to report child pornography sightings to the National Center for Missing and Exploited Children, which is in turn charged with forwarding that report to the appropriate police agency. When adopting its data retention rules, the European Parliament approved U.K.-backed requirements saying that communications providers in its 25 member countries-several of which had enacted their own data retention laws already-must retain customer data for a minimum of six months and a maximum of two years. The Europe-wide requirement applies to a wide variety of "traffic" and "location" data, including: the identities of the customers' correspondents; the date, time and duration of phone calls, VoIP (voice over Internet Protocol) calls or e-mail messages; and the location of the device used for the communications. But the "content" of the communications is not supposed to be retained. The rules are expected to take effect in 2008.

Who cares about it? Am I missing something here? Who cares about some IP the ISP's NG server is using?

What does any of this have to do with the security of my machine or anyone's machine? Or even, what does any of it mean in protecting some privacy that the ISP is using for its NG server is not changing?

That IP should not be changing in the first place and if it did change, then the NG server is using a DHCP IP, which most likely it's not and is using a static IP that doesn't change. But again, what does it have to do with anything in the context of the post about *privacy and security*?

The only IP that would mean anything is the IP the ISP assigned to my machine so that I can have an Internet connection between my machine and the ISP's network to the Internet, which changes every time I dial-up and make a connection with the ISP's network.

I don't even care about some kind of privacy aspects that are trying to be pointed out in the original post, because none of it means anything with protecting some kind of privacy.

This whole thread is much to do about nothing.

Duane :)

There is a lot of interesting technical discussion here, but I would like to take a different approach From all the posts here and on the 'firewall' newsgroup, I believe I understand what Aluxe is after.

Certainly we can trace posts here by screen name or IP (of the router) , and if the IP changes it would make it more difficult to correlate posts if made under a different name. When we post, we expect that our message will be read, and the consequence of that is that we identify ourselves to some degree. Some of us hide our e-mail address - I don't mind if mine shows.

There was mention made of posts to 'personals' type groups, and not wishing these posts to be correlated with technical posts. The use of different 'screen names' helps. But there is still the matter of IP address. Somebody could determine my IP address, and scan all usenet posts for today and discover that I also posted to the 'windows98' group, because a post there had the same IP address, even if it was under a different name. If I had used a different screen name AND had changed my IP address, that correlation could not be made. It is worth noting that nobody 'owns' a usenet screen name - I have seen the same name used by different posters. Therefore posts having the same 'screen name' suggests but does not proove that they were made by the same person.

It would appear that, in order to cover ones tracks for this scenario, one would have to do the technical (public) posts from home and either use a different name with dial up, a public computer, or take the laptop to a hotspot for the 'personals' posts. These can still be traced to some degree, but with normal tools could not correlate the technical poster with the 'personals' poster.

This has nothing to do with security, but does grant a measure of privacy.

Comments?

"Stuart Miller" wrote in message news:EouZg.161589$R63.41013@pd7urf1no...

Interesting remarks. Especially when we now see that the FBI wants to force the ISP's to track the users of their systems. So what to do about privacy. Concerning your broadband connection to an ISP, the cable/dsl modem would be the device used to identify you to the system. This address while it probably can be changed, would probably result in the ISP blocking your access, as now that address does not match their records. So realizing that you cannot change that address, changing your own computers address really does no good, as you could still be identified just because of your connection to the broadband service. Using a dialup account may be a bit harder, but you would still have to provide some form of identification/authorization to log on, hence as a paying subscriber you really cannot avoid being identified. The free public hotspots, can remain free but I can see where in the future they may have you log in to use the system, the room for abuse here is large, so being tracked while using a free public hotspot may be difficult at best, unless the providers are forced to implement strict accountability procedures. I.E you have to show your drivers license to use the system, and your license number will be associated with the MAC you use to connect. But that takes a lot of oversight. So where does that leave people like the OP who desires more privacy. I see his only avenue would be to use proxy servers while surfing, and some premium news group posting service that strips his headers and uses there own headers as a way of remaining semi private.