-4

I need to restrict the user's login based on their MAC address, and I have deployed the project inside k8s, but there is a problem: I cannot get the MAC address of the client.

I've tried these:

  1. `Enumeration<NetworkInterface> networkInterfaces = NetworkInterface.getNetworkInterfaces();` However, this method can only obtain the MAC address of the server, not the MAC address of the client.
  2. Use `arp -a ipaddress`; because the project is deployed in k8s, you also cannot get the client's MAC address.

So, how can I get the MAC address of the client? Thanks a lot.

  • 6
    You can't. MAC addresses only exist in a local network. You cannot query MAC addresses from outside your local network. – knittl Aug 14 '23 at 07:03
  • 1
    Why do you need the MAC address of the requestor? You may want to reconsider your use case. Almost always you won't be able to see the mac address of the device where the request originated. – ashish.g Aug 14 '23 at 07:05
  • Do you need the MAC address of the client that sent the request or of the server interface that received it? – cyberbrain Aug 14 '23 at 07:52
  • @cyberbrain I just need the MAC address of the request. Do you have any idea? – yameng chen Aug 14 '23 at 08:03
  • @knittl okkk, thanks for your reply – yameng chen Aug 14 '23 at 08:05
  • @ashish.g ok, thanks for your time. – yameng chen Aug 14 '23 at 08:05
  • 1
    The real question is: _why_ do you need this information? What are you going to do with the MAC address? – knittl Aug 14 '23 at 08:08
  • Are you aware that (1) MAC addresses are only unique within the subnet? (2) MAC address can usually be changed by the user? so therefore (3) MAC address is not a reliable unique identifier for anything other than the purpose for which it was devised? – user207421 Aug 14 '23 at 08:48

1 Answer

1

As you want to read the MAC address of "the user" on the login, I suppose you mean the MAC address of the network interface that is used in the client machine to establish the network connection to the server.

Unfortunately this is not possible, because the networking stack that the internet protocol (IP) uses keeps this information only for the local network. This doesn't even mean the whole LAN, but only the network segment a machine is directly connected to, so you can find the MAC address only for IP addresses that can be reached without using the configured "gateway".

Only for those IP addresses you could use the mentioned arp tool (ARP = address resolution protocol).

For all other addresses this information is not kept in the network packages.

But on the other hand it's good for you: The MAC address can easily be faked (this means that you can set any MAC address for any of your network interfaces if you know what to do, sometimes even the device drivers in Windows provide a nice UI for that...), so it is a very bad idea to rely on such information for a login.

Maybe a better solution would be to rely on a properly set up network infrastructure and limit the range of the allowed incoming IP addresses. While it's also not hard to fake the sender's IP address in a network package, it is not useful for a login procedure because that usually needs an answer, and with a faked sender address, the answer will never reach the original sender.

cyberbrain
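The IP-range restriction suggested in the answer, sketched in Java as an added example (not code from the answer or from the asker's project). It assumes the application sits behind a Kubernetes ingress or proxy that appends the caller's address to `X-Forwarded-For`; the class name, method names and all CIDR ranges are hypothetical and constructed for illustration.

```java
import java.net.InetAddress;
import java.util.List;
import java.util.regex.Pattern;

public class LoginIpAllowlist {
    // Accept only literal IPs, so a hostile header value can never trigger a DNS lookup.
    static final String OCTET = "(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)";
    static final Pattern LITERAL = Pattern.compile(
        "(" + OCTET + "\\.){3}" + OCTET + "|[0-9a-fA-F:]*:[0-9a-fA-F:.]*");

    static byte[] parseIp(String s) {
        try { return LITERAL.matcher(s).matches() ? InetAddress.getByName(s).getAddress() : null; }
        catch (Exception e) { return null; }
    }

    // Bitwise prefix match; IPv4 and IPv6 never match each other, bad input never matches.
    static boolean inCidr(String ip, String cidr) {
        String[] parts = cidr.split("/");
        byte[] addr = parseIp(ip), net = parseIp(parts[0].trim());
        int prefix = Integer.parseInt(parts[1].trim());
        if (addr == null || net == null || addr.length != net.length) return false;
        if (prefix < 0 || prefix > net.length * 8) return false;
        for (int bit = 0; bit < prefix; bit++) {
            int mask = 0x80 >> (bit % 8);
            if ((addr[bit / 8] & mask) != (net[bit / 8] & mask)) return false;
        }
        return true;
    }

    static boolean anyMatch(String ip, List<String> cidrs) {
        return cidrs.stream().anyMatch(c -> inCidr(ip, c));
    }

    // peer: request.getRemoteAddr(); xff: request.getHeader("X-Forwarded-For") or null.
    // The header is client-controlled, so it is read only when the TCP peer is our own proxy.
    static String clientIp(String peer, String xff, List<String> trustedProxies) {
        if (xff == null || !anyMatch(peer, trustedProxies)) return peer;
        String[] hops = xff.split(",");
        for (int i = hops.length - 1; i >= 0; i--)  // rightmost entries were added by our proxies
            if (!anyMatch(hops[i].trim(), trustedProxies)) return hops[i].trim();
        return peer;
    }

    public static void main(String[] args) {
        List<String> proxies = List.of("10.244.0.0/16");                      // constructed pod network
        List<String> allowed = List.of("203.0.113.0/24", "2001:db8:42::/48"); // constructed office ranges
        // Via ingress from an office address; via ingress with a forged leading entry; direct peer with forged header.
        System.out.println(anyMatch(clientIp("10.244.1.7", "203.0.113.25", proxies), allowed));
        System.out.println(anyMatch(clientIp("10.244.1.7", "203.0.113.25, 198.51.100.9", proxies), allowed));
        System.out.println(anyMatch(clientIp("198.51.100.9", "203.0.113.25", proxies), allowed));
    }
}
```

Inside a cluster the socket peer is usually the ingress pod rather than the user, which is why the check resolves the client address through the trusted-proxy list before comparing it to the allowed ranges.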