I'm not sure how without a firewall... but one thing I will tell you is that it is extremely easy to change your MAC address and it's a poor method of security. For example, my University charge £160 for your room internet connection, but it's based on MAC address restrictions. So only the MAC address of those that have paid can use the internet. By simply providing a few friends the same MAC address as me, they are able to use the internet freely. Yes you can have problems attributed to the same MAC address, but that's another issue that hasn't arisen for me...
I was able to get the MAC address of a problem user. Is there any way to ban a person by MAC address on a Windows 2003 server?
The problem user is on your local LAN?
MAC addresses only have significance on your local LAN segment to pass frames around between connected devices; they are different after every layer 3 hop. In a hosting environment, all of the traffic will be sourced from the MAC address of the upstream router.
Enterprise Network Engineer :: Hosting Hobbyist :: Master of Procrastination
"The really cool thing about facts is they remain true regardless of who states them."
Banning MAC is not a good idea since packets may travel through multiple routers before reaching you. The MAC address stored in the packet is the last router the packet travels through, therefore if you knew someone's MAC address, you cannot ban them by MAC address unless you had a direct connection (i.e. in a LAN) to that person.
It won't make any difference. An end user's MAC address will never be transmitted to your server. Your server will never see the end user's MAC address (unless it's just a direct connection, which I just do not think this is the case). MAC addresses are not routable, they are point to point. This means that if the AOL user is connected to a router that is connected to their modem that is connected to their ISP which connects to the Internet (and who knows where it actually connects) then eventually to your datacenter where it goes through some more routers and finally to your server. MAC addresses are only transmitted at a single hop.
The MAC address of the end user's NIC will go to the end user's router. This way the router knows which machine it is talking to. Then it sends the packet onto the Cable or DSL modem. At this point the end user's NIC MAC address is lost. The MAC address transmitted to the modem is the router's MAC address. Then from the modem to the ISP transmits the modem's MAC address. As you can see, by the time the packet leaves the end user's router, the MAC address of the original NIC is lost. This is because MAC addresses are part of the hardware layer in the network methodology and are not routable over networks, it's just point to point.
Technically, unless the AOL user is using AOL Broadband or AOL DSL, they will not even have a real MAC address associated with their internet connection. MAC addresses are layer 2 addresses that are only valid on Ethernet segments, and are completely ripped away from TCP/IP packets when they hit a router or other layer 3 device. If I remember correctly (been years since I've used dial-up), dial-up connections will get nothing more than a pseudo-MAC address (i.e., some made up MAC address).
How did you acquire their MAC address? Did you ask them directly, or did you use some other local tool to trace it down? If you asked them directly, then it may actually be from an ethernet card in the computer that isn't even associated with their internet connection. If you used some local tool, then if you filter the MAC address you found, you will end up taking your own server offline, since the only MAC address you can possibly acquire would be the one to your default router.
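The hop-by-hop rewriting described in the replies above, as an added example that is not part of the original thread: a small simulation in which each layer 3 hop discards the incoming Ethernet header and re-frames the unchanged IP packet with its own MAC, so the server sees only its default router's MAC for every remote client. All MAC and IP addresses, the three-router path, and the function names are constructed for illustration; each router is given a single MAC and NAT is ignored to keep the model small.

```python
import socket
import struct

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_frame(dst_mac, src_mac, src_ip, dst_ip, ttl=64):
    """Ethernet II header + bare 20-byte IPv4 header (checksum left 0: simulation only)."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip

def route(frame, egress_mac, next_hop_mac):
    """A layer 3 hop: drop the old Ethernet header, decrement TTL, re-frame with its own MAC."""
    ip = bytearray(frame[14:])
    ip[8] -= 1  # TTL is byte 8 of the IPv4 header
    return mac_bytes(next_hop_mac) + mac_bytes(egress_mac) + frame[12:14] + bytes(ip)

def parse(frame):
    """Fields the receiving NIC can read: Ethernet source, IPv4 source, TTL."""
    return {"src_mac": mac_str(frame[6:12]),
            "src_ip": socket.inet_ntoa(frame[26:30]),
            "ttl": frame[22]}

# Constructed path; every address below is made up for this example.
ROUTERS = ["02:00:00:00:01:01",   # client's home router
           "02:00:00:00:02:01",   # ISP router
           "02:00:00:00:03:01"]   # datacenter gateway (the server's default router)
SERVER_MAC = "02:00:00:00:ff:10"
SERVER_IP = "203.0.113.10"

def seen_by_server(client_mac, client_ip):
    """Send one packet along the path and return what the server's NIC receives."""
    frame = build_frame(ROUTERS[0], client_mac, client_ip, SERVER_IP)
    next_hops = ROUTERS[1:] + [SERVER_MAC]
    for egress, nxt in zip(ROUTERS, next_hops):
        frame = route(frame, egress, nxt)
    return parse(frame)

if __name__ == "__main__":
    for mac, ip in [("02:aa:aa:aa:aa:01", "198.51.100.23"),
                    ("02:bb:bb:bb:bb:02", "198.51.100.77")]:
        print(mac, "->", seen_by_server(mac, ip))
```

Both constructed clients arrive with the gateway's MAC as the Ethernet source, so a MAC filter on the server would match every remote client at once; only the IP source address still distinguishes them.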