IPTV stream through a mac address -- help needed

[gazupnorth]

Hi Guys and Gals, just after a bit of info if possible...
I currently have a very nice contact that I have purchased an annual sub from for my IPTV streams. I get a .m3u file from him which I can then use on my PC to watch on VLC or via my Fire TV stick on IPTV smarters. I'm quite happy with the service but occasionally when there is a big footy match on my ISP blocks it and I can't get any streams.
My contact also offers access to a "premium server" ??? (four times the price that I pay for my standard sub !!)

This can only be used on one device via a mac address , whatever that is ??
I would have to use STBemu (I think that the app on the Firestick) BUT he says my ISP won't be able to block my footy streams, which is what makes it interesting for me, I really can't be bothered messing about with a VPN.

My question is :- "Using a mac address does it actually guarantee that my ISP can't block my streams ???"

or is he just after more money from me ???

 

[river4ever]

He is just after more money.
Mac address will not make difference, unless he puts you on another domain/server thats not been picked up.
A VPN will also get around the block.

 

[gazupnorth]

Thanks mate, thats what I thought ..

 

[turner brown]

the mac address is just a away to authorise the device and secure him a little better from hacking attacks but as said a vpn should sort out blocking
or change bb supplier to one that does't block like vodaphone or some other smaller providers as the court order only names the big suppliers

 

[gazupnorth]

thanks turner brown.... I have a VPN that I bought but it looks a bit of a faff to get it up and running on Firestick.

 

[Spectre]

the mac address is just a away to authorise the device and secure him a little better from hacking attacks but as said a vpn should sort out blocking
or change bb supplier to one that does't block like vodaphone or some other smaller providers as the court order only names the big suppliers

I'm not into subscribed IPTV but how do they use a MAC address for authentication?

It must be something that runs on your local PC as the MAC from your PC and modem get changed when packets get routed in the network.

 

[river4ever]

Im unsure how mac address give extra security also as the portal address is same gateway to domain/server?

 

[turner brown]

no sure how there doing it but its not the first time i have heard it being asked for by a server and other devices dont work

 

[Spectre]

no sure how there doing it but its not the first time i have heard it being asked for by a server and other devices dont work

I've seen it too, just wondering how it works. Maybe client software passes it in the packet?

 

[river4ever]

no sure how there doing it but its not the first time i have heard it being asked for by a server and other devices dont work

If anything suppliers refuse to give out M3U for hijacking reasons.
There is no reason a server is protected by using mac address as DNS must be issued in portal to connect to server/domain.
Once that is issued the powers above have those details and can block it, as court order give those permission to do.
Usually affects those selling all over the place as they dont know who is buying.
Info can always be captured over WS anyway.

As said 100000 times before.... you advertise all over the place it will get EPL blocks.
Of the radar is the only way. That sounds easier said than done as it takes money to keep streams live.

ITS NOT LIKE C/S!!!

 

[Him Her]

I've seen it too, just wondering how it works. Maybe client software passes it in the packet?

It must be client software driven as MAC is a Layer II technology and the router would mask it. The MAC the ISP 'sees' by default is on the external interface of the router, the ISP can't 'see' internal MACs as Layer II is a broadcast technology.Something would have to pass the MAC as the router is a Layer III device.

 

[gazupnorth]

Not sure if it helps guys ..... I just pass my supplier with my fire TV stick's mac address and he it then streams into stbemu ????

 

[janobi]

It must be client software driven as MAC is a Layer II technology and the router would mask it. The MAC the ISP 'sees' by default is on the external interface of the router, the ISP can't 'see' internal MACs as Layer II is a broadcast technology.Something would have to pass the MAC as the router is a Layer III device.

Not quite right. Whilst a MAC address is l2, a router interface doesn't have a MAC. It would be a l3 as it would use IP and not a MAC.

What I think you mean, is the ISP would see the MAC of the router, and not of the interface. MACs can be used for security/authentication, but you can also use them to route traffic ISIS or fabricpath for instance use L2 over L3 or mac in mac routing.

Im not entirely sure how IPTV protocols work, but i'd imagine it's something like this;

Server has an IP that you connect to, remember DNS means nothing to a network, it's not required as everything is routed via IP. You connect to the server via an IP, it has an any any rule of some sort allowing any IP to connect. On the server will be some software that requires a MAC address to authenticate further. You provide the MAC as a way of authenticating to the server, challenge/response.

I think that's what him her was saying in a round about way, and I may have over thought their response

 

[Him Her]

Actually the router does have a MAC address, if it didn't then ARP would fail which would break the network.

The Firestick is essentially an embedded device with installable apps, the streamer can check the MAC address of the Firestick by enquiry and compare with the MAC address you provide. If they match you get the stream. The client must initiate the connection as the streamer can't do this.

 

[Hippie]

StbEmu emulates MAG boxes
MAG boxes are authenticated on the system by their MAC address in the format 00:1A:79:xx:xx:xx
This system is less secure than using a username and password to login as we can generate all the possible MAC combinations and try to log in with every single one of them if we like.
They can add another layer of security by using the box ID or a user/pass but it's rare for them to do that.

A VPN should bypass the blocks but a lot of servers ban VPN IPs automatically as a reaction to people bruteforcing as above, sorry bout that

 

[janobi]

Actually the router does have a MAC address, if it didn't then ARP would fail which would break the network.

The Firestick is essentially an embedded device with installable apps, the streamer can check the MAC address of the Firestick by enquiry and compare with the MAC address you provide. If they match you get the stream. The client must initiate the connection as the streamer can't do this.

Not sure who or what you’re replying to. But my post clearly states the router has a Mac. But an interface doesn’t. Of course the device would have a Mac or as you said ARP wouldn’t work.

As for generating every possible Mac and brute forcing it, that’s just not viable. I can’t be bothered to do the maths but it’s a massive number. You brute force the panel as they normally use generic passwords and the software isn’t updated to patch known vulnerabilities.

@Him Her I hold a CCNP in DC

 

[Spectre]

Not sure who or what you’re replying to. But my post clearly states the router has a Mac. But an interface doesn’t. Of course the device would have a Mac or as you said ARP wouldn’t work.

As for generating every possible Mac and brute forcing it, that’s just not viable. I can’t be bothered to do the maths but it’s a massive number. You brute force the panel as they normally use generic passwords and the software isn’t updated to patch known vulnerabilities.

@Him Her I hold a CCNP in DC

256^6 .

 

[VectorZ]

A machines MAC addy is easily retrievable through the networkinterface class, available through the system.net.networkinformation .net assembily or equivalent in most languages, and is routinely passed at software level.

I've had to use it several times in the past for jobs needed to lock down licensing at device level. Easily spoofed yes but 9 times out of 10 reliable in legit use.

It's possible your provider has a seperate server/reseller source he uses for his premium service that isn't widely in use and less likely to be caught in the net of ip bans.

 

[river4ever]

StbEmu emulates MAG boxes
MAG boxes are authenticated on the system by their MAC address in the format 00:1A:79:xx:xx:xx
This system is less secure than using a username and password to login as we can generate all the possible MAC combinations and try to log in with every single one of them if we like.
They can add another layer of security by using the box ID or a user/pass but it's rare for them to do that.

A VPN should bypass the blocks but a lot of servers ban VPN IPs automatically as a reaction to people bruteforcing as above, sorry bout that

Most ban VPNs for abuse of multi-connections also. If 3 or 4 clients connect to the same VPN server running the same IP address that can be seen as abuse, some suppliers have a method of preventing it, so many dont.
The IP*V supplier can see it on the server panel if checked.
Something like:
connections-1/1 (224.14.119.35)

Trying to reshare will show:
connections-3-1 (224.14.119.35)
It can also be done on STBemu as mac address can be changed.


That usually results in a ban.

 

[Him Her]

Not sure who or what you’re replying to. But my post clearly states the router has a Mac. But an interface doesn’t. Of course the device would have a Mac or as you said ARP wouldn’t work.

@Him Her I hold a CCNP in DC

Could I suggest you consult your notes? Cisco routers have a base MAC, a unique MAC for each physical interface and another for each virtual interface. There may be additional MAC addresses depending on installed hardware (i.e. switch module) etc. In 'enable' mode type 'show int(erfaces)' to view them.

P.S. I was working with Cisco kit when it was a start-up company