hi, i often hear that "block ip", but i know every computer has an
unique physical address, why we can't block physical address? you
know,some counties, say,china, usually more than one user use the same
ip, maybe one of them does something ' wrong ', then get
punished, his ip is blocked. but at the same time, the other people who
use the same ip can't access some sites. that's not fair to them.
in a tcp connection, the receiver can get the source ip, namely,the
ip of the sender. i wonder does the receiver know the physical address
of the sender in a tcp connection?

samplestrategy@gmail.com dixit:

> hi, i often hear that "block ip", but i know every computer has an
> unique physical address, why we can't block physical address? you
> know,some counties, say,china, usually more than one user use the same
> ip, maybe one of them does something ' wrong ', then get
> punished, his ip is blocked. but at the same time, the other people who
> use the same ip can't access some sites. that's not fair to them.
> in a tcp connection, the receiver can get the source ip, namely,the
> ip of the sender. i wonder does the receiver know the physical address
> of the sender in a tcp connection?

The IP header only contains source and destination IP address, while the
TCP header contains source and destination port (which are correlated to
the application we're running).

However, TCP/IP is just a transport protocol that usually encapsulates
another low-level protocol, for instance, and Ethernet frame containing MAC
addresses.

Marcos

In article <1147425974.336498.59970@y43g2000cwc.googlegroups. com>, samplestrategy@gmail.com writes:
> hi, i often hear that "block ip", but i know every computer has an
> unique physical address, why we can't block physical address? you
> know,some counties, say,china, usually more than one user use the same
> ip, maybe one of them does something ' wrong ', then get
> punished, his ip is blocked. but at the same time, the other people who
> use the same ip can't access some sites. that's not fair to them.
> in a tcp connection, the receiver can get the source ip, namely,the
> ip of the sender. i wonder does the receiver know the physical address
> of the sender in a tcp connection?

The receiver does not know and, in general, has no way to find out.

That's rather the point of protocol layering.

Each layer hides the irrelevant details of the layer below and presents
a simplified interface for the layer above to interact with.

Even if you managed to figure out a way to learn the bad guy's MAC
address and stick it on a blacklist there's nothing to stop him from
presentind a different forged new MAC address tomorrow and bypassing
your list.

Not only do you have no way to learn his MAC address, you have no way
to verify his MAC address.

And no, it is not the case that every computer has a unique physical
address.

briggs@encompasserve.org wrote:
> In article <1147425974.336498.59970@y43g2000cwc.googlegroups. com>, samplestrategy@gmail.com writes:
> > hi, i often hear that "block ip", but i know every computer has an
> > unique physical address, why we can't block physical address? you
> > know,some counties, say,china, usually more than one user use the same
> > ip, maybe one of them does something ' wrong ', then get
> > punished, his ip is blocked. but at the same time, the other people who
> > use the same ip can't access some sites. that's not fair to them.
> > in a tcp connection, the receiver can get the source ip, namely,the
> > ip of the sender. i wonder does the receiver know the physical address
> > of the sender in a tcp connection?
>
> The receiver does not know and, in general, has no way to find out.
>
> That's rather the point of protocol layering.
>
> Each layer hides the irrelevant details of the layer below and presents
> a simplified interface for the layer above to interact with.
>
> Even if you managed to figure out a way to learn the bad guy's MAC
> address and stick it on a blacklist there's nothing to stop him from
> presentind a different forged new MAC address tomorrow and bypassing
> your list.
>
> Not only do you have no way to learn his MAC address, you have no way
> to verify his MAC address.
>
> And no, it is not the case that every computer has a unique physical
> address.


I think the last point deserves emphasis. IEEE-style assigned MAC
addresses are an artifact of some LANs. And in that scope the best we
can be fairly certain of is that all the machines on a single LAN (or
bridged/switched collection of LANs) will have unique MAC addresses.
But there is no hard requirement that these be globally unique, they're
even commonly changeable (the entire block of addresses beginning with
x'40' is reserved for such locally assigned addresses. Some (usually
high-end) hardware comes without assigned addresses at all, and you
*have* to assign an LAA which will certainly not be globally unique.
Plus there have been a bunch of cases of vendors failing to properly
assign globally unique MAC addresses to networking gear (and so long as
you don't get two devices with the same MAC address on the same LAN,
you pretty much fine).

Of course there are a huge number of non-LAN style connections in use,
many of which have no MAC address or anything like that (for example,
all the dial-up users in the world), and in some cases no IP address
assigned to the link either. And then you can bury all the "real"
stuff under a VPN too.

Oh, and of course there's no reason a machine can't have many MAC
addresses assigned to it, and little to prevent it from using different
ones for different packets in the same "conversation."

In article <1147425974.336498.59970@y43g2000cwc.googlegroups. com>,
samplestrategy@gmail.com wrote:

> hi, i often hear that "block ip", but i know every computer has an
> unique physical address, why we can't block physical address? you
> know,some counties, say,china, usually more than one user use the same
> ip, maybe one of them does something ' wrong ', then get
> punished, his ip is blocked. but at the same time, the other people who
> use the same ip can't access some sites. that's not fair to them.
> in a tcp connection, the receiver can get the source ip, namely,the
> ip of the sender. i wonder does the receiver know the physical address
> of the sender in a tcp connection?

What's the "physical address" of a computer on a dialup ISP?

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

samplestrategy@gmail.com wrote:
> hi, i often hear that "block ip", but i know every computer has an
> unique physical address, why we can't block physical address? you
> know,some counties, say,china, usually more than one user use the same
> ip, maybe one of them does something ' wrong ', then get
> punished, his ip is blocked. but at the same time, the other people who
> use the same ip can't access some sites. that's not fair to them.
> in a tcp connection, the receiver can get the source ip, namely,the
> ip of the sender. i wonder does the receiver know the physical address
> of the sender in a tcp connection?

somebody thought that by physical address you meant MAC Address.
Because, physical can mean physical LAN technology! infact it usually
does.

The physical address you mean, is not stored in data transmissions.
Nobody has a list of ALL IPs and their corresponding physical
addresses. Only each ISP knows that for his clients.