Typically, MAC is assigned by the hardware manufacturer (sometimes you can change/spoof it). IP is typically assigned either by the network administrator or DHCP. If all addresses were based on MAC, you could easily intercept the messages from anyone. IP allows a layer of abstraction in which you can group multiple subnets into the same external IP or set up subnets within those subnets even.
Another problem is that numerous devices will share the same MAC address, it's just statistically unlikely to find them on the same network. It's an especially big problem with cheap/knockoff network equipment. See: http://www.linuxquestions.org/questions/linux-networking-3/m...
Actually, the main problem of MAC vs IP, as the response states, is the lack of hierarchy vs the presence of it.
Both IPs and MACs can be changed by the administrators and both can be set such that duplicates exist in the network. However the fact that MACs are set by manufacturer makes them impossible to route as the values are not related to the network locations but related to hardware origin.
MAC and IP are in two different layers of the OSI model and while both are technically addresses, they are independent of each other and their role is different. Not every network uses IP addressing and not every device has a MAC address.
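To make the hierarchy point concrete, here is an added example (not from any commenter in the thread): a longest-prefix-match lookup over a constructed IP routing table next to an exact-match lookup over a constructed switch MAC table. The route names, ports and addresses are all made up for the illustration.

```python
import ipaddress

# Constructed forwarding state. A few IP prefixes cover whole subnets
# because addresses are assigned hierarchically; the MAC table needs one
# exact entry per device, because a MAC's structure (OUI + serial) says
# nothing about where the device sits in the network.
IP_ROUTES = {
    "10.0.0.0/8": "core-router",
    "10.1.0.0/16": "site-1-router",
    "10.1.5.0/24": "floor-5-switch",
    "0.0.0.0/0": "default-gateway",
}
MAC_TABLE = {
    "00:1a:2b:3c:4d:5e": "port-1",
    "00:1a:2b:3c:4d:5f": "port-7",  # same OUI, unrelated port
}

def matching_prefix(ip: str, routes=IP_ROUTES):
    """Return (prefix, next_hop) for the most specific prefix covering ip."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return str(best[0]), best[1]

def longest_prefix_match(ip: str, routes=IP_ROUTES) -> str:
    """Next hop only: this is what a router actually forwards on."""
    return matching_prefix(ip, routes)[1]

def mac_oui(mac: str) -> str:
    """First three octets: the manufacturer block, not a network location."""
    octets = mac.lower().split(":")
    if len(octets) != 6:
        raise ValueError("expected six colon-separated octets")
    return ":".join(octets[:3])

def flat_lookup(mac: str, table=MAC_TABLE):
    """Exact match only: an unknown MAC yields None (a switch would flood)."""
    return table.get(mac.lower())

def entries_needed(hosts):
    """Distinct forwarding entries each scheme needs for (ip, mac) hosts."""
    prefixes = {matching_prefix(ip)[0] for ip, _ in hosts}
    macs = {mac.lower() for _, mac in hosts}
    return len(prefixes), len(macs)
```

Three hosts on the same /24 need one route entry but three MAC entries, which is the aggregation the hierarchy buys.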
> If all addresses were based on mac, you could easily intercept the messages from anyone.
So you encrypt stuff you don't want anyone else to read. Security isn't the concern of the networking layers; it's all done, to the extent it is done, at the application layer.
That's the original design, anyway.
Edited to add: Well, the original original designs were by people who weren't thinking of security at all. That's why telnet and FTP are the way they are.
> Another problem is that numerous devices will share the same MAC address, it's just statistically unlikely to find them on the same network.
This, on the other hand, really is a perversion of the intended model. 48 bits was intended to be globally unique.
> it's all done, to the extent it is done, at the application layer.
Sometimes true but often not. Encryption can and does happen at various layers of the (OSI) networking stack (Secure Session Layer, Transport Layer Security, Internet Protocol Security).
> That's why telnet and FTP are the way they are.
Those programs are the way they are due to a holdover from the Unix philosophy: do one thing and do it well. Sure, functioning at all was more important than functioning securely. If you ran your connections over a VPN, SSL or IPSec line, the fact that telnet didn't also support encryption would be moot.
The Application layer is for the applications data. If you want to secure the transmission of that data, it shouldn't be up to each and every individual application to support encryption.
This is why things like IPv6 or SPDY/HTTP2 have baked-in encryption below the application layer.