Can this be done? (User ID wiv Comp)

uniflare

Ok, as you all know every edition of windows is different (either different serial code or whatever), so i was thinking, instead of using IP address (which can be changed), or a cookie (Which can be deleted) to ban someone, we could use a PCID, so they would not be able to escape the ban.... it would make my security life so much easier, done any1 know how to do it, and tutorials, or know anyone h#who has done it before using either Perl CGI/PHP/Java/Javascript?

any1?

Thank you very much in advance... 🙂

jayant

yes it is possible to get those details

drawmack

So what happens when I upgrade windows with my weekly secuirty patch, which changes the version number? Or I decide to instal linux, or I just hack my system and change those numbers manual?

ZibingsCoder

Hmm...though I've never seen this done before, it kind of amazes me now that it's been brought up. This would involve a socket connection I assume, as that's the easiest way to get this kind of information from someone. I'll look around, I'm kind of interested in this now.

leatherback

... Just a small thing to keep in mind.. What if you want to ban a linux / OSX / Be / .. Op. system user/

ZibingsCoder

It'd be nice if you could ban someone by MAC address. 😉

uniflare

Well, for starter, in the code of linux, its open, so linux would kinda be near impossible to completely ban, unless you got other information like the type of programs installed and stuff... or how the system is set up. would b REALLY hard.

and as drawmack mentioned, yes, that would be possible i think, but who would go through all that trouble just to get unbanned? would be a hacker with a lot of free time lol.

it also would not rely on 1 thing, it would have a number of things it could compare, for instance, MD5(version.OS.log-in name); and another: md5(serial); and another md5(version.Desktop Theme.Background Color.KERNAL Process number.Computer Vendor); near enuf, they would have to change everything on their computer to actually change it...

OR i could just go and do MD5(Physical Computer Serial); which would near enuf stop them from doing anything unless they got a new computer or whatever (that would work on linux, maybe MAC, dont know anything about MAC)

But ya, if anyone can find out any info about getting the Physical Computer Vendor/Serial and/or Serials of any other physical Hardware, then the security would b near inpenatrable.

Thanks for quick response and thoughtful comments 🙂

drawmack

as mentioned above I think MAC address would be the way to go with this, if you can get it.

drawmack

also keep in mind with md5 that you are mapping up to 64,000 bits to 128 bits. A little elementary school math will tell you there must be repeats, therefor you could be banning more then one person by grabbing all those different things and md5ing them.

uniflare

ok then i wont MD5 them.... so well, is there any code to do that? how do i use the sockets?

goldbug

Originally posted by drawmack
as mentioned above I think MAC address would be the way to go with this, if you can get it.

It's almost as trivial to spoof a MAC address as it is to spoof an IP address. 😃

goldbug

Originally posted by ZibingsCoder
Hmm...though I've never seen this done before, it kind of amazes me now that it's been brought up. This would involve a socket connection I assume, as that's the easiest way to get this kind of information from someone. I'll look around, I'm kind of interested in this now.

Also easily stopped. (Firewall)