No clue about Windows, but PPP itself doesn't always need a unique
identifier because the wire itself is a unique physical identifier.

It's not the same as Ethernet. The places where unique identifiers
are needed are few, but:

- You might consider the IP addresses at each end of the link to be
unique identifiers. They're clearly unique -- in any functioning
internet -- and they're clearly something that identifies the link
itself.

- The authentication protocols naturally require you to provide
identifying information of some sort -- typically a user name and
password. I don't think there are ISPs that will establish a link
without some form of identification (though I guess it's
posssible).

- RFC 1990 multilink operation contains an endpoint identifier. The
use of it is so that the PPP peer can determine whether two links
are terminated on the same remote box. You can put anything you
want there -- not just a MAC address, though that's convenient and
common -- and it's not actually required for multilink operation.
It just helps make sure mistakes don't happen.

- IPX uses MAC addresses to identify nodes within a network. If you
still use IPX (really? in 2008?), then you'll end up with those
MAC addresses exchanged with others.

- Similarly, ISO systems use MAC addresses to construct Network
Entity Titles (NET), which are used in routing. If you're
forwarding that stuff, then you may be leaking MAC information.

- Dial-back protocols tend to include identifying information,
namely a telephone number (which is far more identifying than is a
MAC address). But on a telephone link, you give away your
identity when you first dial in anyway.

- IPv6 uses 64-bit identifiers for the endpoint addresses. Those
are typically generated using a local available MAC address (when
possible) as keeping the same IPv6 address over time is generally
considered A Good Thing for applications, but any stable number
will work. (And even a random number is ok, as long as you don't
care about application goodness.)

There may be other cases, but those are the ones that come to mind.

I think your fears are _far_ overblown, but if you're still concerned
about the issues here, I suggest you read the RFCs or find a book
about PPP itself. There is at least one that goes into detail about
how the protocol works.

On Fri, 14 Mar 2008, in the Usenet newsgroup comp.protocols.ppp, in article
I believe you are referring to the meaningless techno-babble that
microsoft lists under the DOS command "ipconfig /all" (note - I quit
using windoze in 1992, so I'm not sure what icon you click to run that
command). You'll see something like

PPP adapter RAS Server (Dial In) Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.9.201
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :

The "Physical Address" is totally meaningless (it's an ASCII string,
here, the letters "SE"). A serial port doesn't have a hardware address
such as is needed on Ethernet.

To see the information your windoze box is sending and receiving, you
could turn on PPP connection logging (I'm told it is a click box in
your ISP's icon under Properties -> Server Types ->Record a log file).
DO NOT POST THIS LOG, as it is very large, and full of techno-babble
meant to intimidate users, and consequently few people even know that
it exists, let alone how to try to read it. Find a friend who also
uses dialup and XP, and _you_ compare the ppp logs. You won't find
any secret identifiers unless you are using multi-link or IPv6.

PPP is not your security problem. You are far easier to trace because
of data your normal applications (such as your browser) return to
anyone who asks.

Old guy