Question on Mac-Binding o

Hey, guys I have a question… A lot of internet suspension orders make reference to Mac-binding of IP addresses. Could someone provide me with a simplex explanation of what that means and its implications, from a user standpoint? So for instance, what does such a measure limit for a user’s internet experience?

Thanks in advance!


TL;DR: “MAC binding” ensures that a computer (or phone) always receives the same IP address, which makes tracking users easier for the state.

IP addresses, like are assigned to your computer by the ISP. Because of IPv4 exhaustion, ISPs tend to reuse and allocate them on demand, whenever devices come online. As a result the IP address of a device keeps changing.

MAC addresses, like 01:23:45:67:89:AB, are assigned to your device by the manufacturer and is typically hard to change. (More so on a phone than a computer.)

Websites and services you access, including VPN providers, can see your IP address, but only the ISP can see your MAC address. MAC binding means that the ISP remembers your MAC address and ensures that the same IP address is allocated to the device.

You can do something like this on most home WiFi. For example, I have a wireless printer at home, and I have used MAC binding to make sure the router always gives it the same IP address, helping computers on the network find the printer more easily.


Thank you so much for clearing that up!

Thank you @aravind. You are awesome! :grinning:

Is there any difference between this Mac Binding, and the static IP facility that can be bought from various ISPs? Or are they providing the costly static IP service for free?

Most modern operating systems(android 10, opensuse, etc) now randomize the mac address of the devices while connecting to the router, but its the router itself that’s actually hard to change the mac-address of.

1 Like

Huh, TIL. Guess it makes sense for roaming devices (phones/laptops).

It’s not guaranteed that you’ll get the same IP everytime, they just try to do that.

Could someone provide me with a simplex explanation of what that means and its implications, from a user standpoint?

MAC is short for media access control address – a unique ID that every network interface (NIC) controller has. The NIC is the piece of hardware that does the actual exchange of packets – or chunks of data – when your surf. Hardware vendors have their own MAC prefixes, and you can look up who manufactured your NIC, simply by searching for the OEM prefix (first 24-bits in an universal address). Given it’s ubiquity and uniqueness, it is often used a proxy to identify machines in a network (and often outside).

A number of software, including games, back in the day would save this MAC to assign licenses. This was/is a poor design choice of course, but crypto wasn’t as easy back then. This would be one kind of MAC Binding.

The other, more popular form of MAC Binding is of course MAC and IP Binding. This allows you to assign a static address i.e. the same IP address remains the same every time the computer asks for one (say, after a reboot). Note that assigning a static address on one device does not prevent other devices on the same network from opting for dynamic addresses. However for IP and MAC binding to work remember you need two things – the DNS provider (a program that typically runs on your router) has to know your MAC, and your device has to be set up to use static addresses.

In fact, MAC addresses are so popular that we use those even in IPv6.

Now, to clarify what @aravind wrote: Your ISP only knows your advertised WAN MAC address. Phew! That’s a lot of things to parse. So, take it easy. Remember every NIC has a MAC? Your router – the thing that connects your home network to the world wide web actually has at least 2 such NICs, and thusly, two MACs. The MAC of the NIC the router uses to talk to your home devices – the LAN network – would be the LAN MAC; the one the router uses to talk to your ISP – the WAN – would be the WAN MAC. So, that’s what Airtel/BSNL/ACT or whoever you use, see. Now comes the interesting bit – you can change your MAC (on both Linux and Windows). So, as long as you use the right format, you can set it to be whatever you want it.

Why would you want custom MAC addresses?

Well, local ISPs often bind to MAC to ensure that only paying customers use their services. (Remember bad design choices?) This is a PITA every time your router breaks and you get a new one, as you gotta call customer care up, and ask them nicely to fix your internet. And oh, trust me, consumer routers break pretty often, especially in the rainy season. So, instead of spending half a day subjecting yourself to crappy customer care, you use synthetic MAC addresses. And you put just one such on your WAN side NIC. And be done, like for ever, with calling ISP customer care.

So for instance, what does such a measure limit for a user’s internet experience?

Not much, if you know what you’re doing.