Date: Sat, 14 Sep 2002 17:39:34 -0700 From: Kevin Stevens <Kevin_Stevens@pursued-with.net> To: "Andrew G. Russell IV" <arussell@tyr.agrknives.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Mac address of hacked machine... Message-ID: <9B491C74-C843-11D6-8217-003065715DA8@pursued-with.net> In-Reply-To: <20020914192323.A10984@bifrost.agrknives.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Saturday, Sep 14, 2002, at 17:23 US/Pacific, Andrew G. Russell IV wrote: > I have a machine that is hitting me with "kali" packets every few > minutes. > I've contacted the ISP, but they can't help unless I supply the MAC > address. > > I've done tcpdump, I've arped, I suppose I don't know what I'm doing > on this > one. I've read all the HOWTOS that I can find, even linux ones... > I've > searched the archives, I guess I'm not asking the right question. > > I'm sure this will be a head smacker. > > Thanks for any help... And YES I am subscribed... ;-> > > A.G. I'm not sure what MAC address they're asking for - you won't be able to provide the MAC for the attacking machine unless its on your own network segment. MACs have only local significance; once you pass a router they are substituted. You can see this by pinging several remote machines (www.yahoo.com, for example), and then looking at your arp table. You won't see a MAC for that IP address, only for your next-hop router. Or if you are using proxy-arp, you'll see the same MAC (your router's) for ALL non-local addresses. If you need the MAC address of your machine that is being attacked, you can get that from the "ether" portion of ifconfig. In short, the ISPs request seems confusing or unreasonable. Give us more detail. KeS BTW - I sure have spent a lot of money buying knives from you!! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9B491C74-C843-11D6-8217-003065715DA8>