IPv6 is what I'm using now. Also, the MAC address can be randomized so it's only good for the one session.
Why not invalidate the offending connection and see who comes to complain about the failure?
(Context is government scale, cyber security forensics)
I am a student learning networking (including cyber security). I have this question. Here is a scenario to make the question easier to understand.
- A house network is shared with 3 tenants T1, T2, T3
- Tenant T2 engages in malicious activities such as hacking websites, bank accounts and a lot more.
Now, I know that the router will send the requests and, when a response is received, the router will know which device to deliver the response to. As far as I know, the router will send requests, but they will have only the MAC address of the router and the IPv4 address of the router. Cyber security analysts can identify the location from which the activity was initiated but won't be able to find which tenant to accuse. (Well, I know the owner of the network is liable, but let's keep that fact aside.) How can we identify the device in question?
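An added example, not part of the original thread: the router can deliver responses to the right device because it keeps a translation table, and if that table is logged, a flow seen by a remote server can be traced back to an internal device. The sketch assumes the router logs NAT translations and DHCP leases and that the remote server recorded the source port; all log formats, addresses and hostnames below are constructed for illustration.

```python
from datetime import datetime

# Constructed sample data (assumed log formats, not from the thread).
# NAT log: (time, internal_ip, internal_port, public_port, dest_ip, dest_port)
NAT_LOG = [
    ("2024-05-01T20:14:03", "192.168.1.11", 51544, 40001, "203.0.113.10", 443),
    ("2024-05-01T20:14:09", "192.168.1.12", 51544, 40002, "203.0.113.10", 443),
    ("2024-05-01T20:15:30", "192.168.1.13", 40250, 40003, "198.51.100.7", 80),
]
# DHCP leases: (lease_start, lease_end, ip, mac, hostname). The 02: prefix marks
# locally administered MACs, the kind a device uses when it randomizes.
DHCP_LEASES = [
    ("2024-05-01T08:00:00", "2024-05-01T18:00:00", "192.168.1.12", "02:00:00:aa:bb:01", "laptop-a"),
    ("2024-05-01T18:30:00", "2024-05-02T18:30:00", "192.168.1.12", "02:00:00:aa:bb:02", "phone-b"),
    ("2024-05-01T08:00:00", "2024-05-02T08:00:00", "192.168.1.11", "02:00:00:aa:bb:03", "desktop-c"),
]

def _t(stamp):
    return datetime.fromisoformat(stamp)

def find_translation(public_port, dest_ip, dest_port, seen_at, window_s=60):
    """Find the NAT entry for a flow as the remote server logged it.
    Returns (internal_ip, internal_port) of the newest match, or None."""
    best = None
    for ts, in_ip, in_port, pub, dip, dport in NAT_LOG:
        if (pub, dip, dport) != (public_port, dest_ip, dest_port):
            continue
        age = (_t(seen_at) - _t(ts)).total_seconds()
        if 0 <= age <= window_s and (best is None or age < best[0]):
            best = (age, in_ip, in_port)
    return None if best is None else (best[1], best[2])

def lease_holder(ip, at):
    """Return (mac, hostname) that held `ip` at time `at`, or None."""
    for start, end, lease_ip, mac, host in DHCP_LEASES:
        if lease_ip == ip and _t(start) <= _t(at) < _t(end):
            return mac, host
    return None

def attribute(public_port, dest_ip, dest_port, seen_at):
    """Map an externally observed flow to the internal device, if logs allow."""
    hit = find_translation(public_port, dest_ip, dest_port, seen_at)
    if hit is None:
        return None
    mac, host = lease_holder(hit[0], seen_at) or (None, None)
    return {"internal_ip": hit[0], "internal_port": hit[1], "mac": mac, "hostname": host}
```

The lease lookup is time-bound because the same internal IP was held by a different device earlier in the day, and with a randomized MAC the result identifies a session on the network rather than a permanent hardware identity.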

