Re: Mac address of hacked machine...

From: Kevin Stevens (Kevin_Stevens@pursued-with.net)
Date: 09/15/02


Date: Sat, 14 Sep 2002 17:39:34 -0700
To: "Andrew G. Russell IV" <arussell@tyr.agrknives.com>
From: Kevin Stevens <Kevin_Stevens@pursued-with.net>


On Saturday, Sep 14, 2002, at 17:23 US/Pacific, Andrew G. Russell IV
wrote:

> I have a machine that is hitting me with "kali" packets every few minutes.
> I've contacted the ISP, but they can't help unless I supply the MAC address.
>
> I've done tcpdump, I've arped, I suppose I don't know what I'm doing on this
> one. I've read all the HOWTOS that I can find, even linux ones... I've
> searched the archives, I guess I'm not asking the right question.
>
> I'm sure this will be a head smacker.
>
> Thanks for any help... And YES I am subscribed... ;->
>
> A.G.

I'm not sure what MAC address they're asking for - you won't be able to
provide the MAC for the attacking machine unless it's on your own
network segment. MACs have only local significance; once you pass a
router they are substituted.

You can see this by pinging several remote machines (www.yahoo.com, for
example), and then looking at your arp table. You won't see a MAC for
that IP address, only for your next-hop router. Or if you are using
proxy-arp, you'll see the same MAC (your router's) for ALL non-local
addresses.

If you need the MAC address of your machine that is being attacked, you
can get that from the "ether" portion of ifconfig.

In short, the ISP's request seems confusing or unreasonable. Give us
more detail.

KeS

BTW - I sure have spent a lot of money buying knives from you!!
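
Added example (not part of the original message): a Python version of the ARP-table check described in the reply, showing that an off-segment address resolves only to the next-hop router's MAC and that proxy-ARP makes every non-local address share that one MAC. The sample table is constructed in the style of FreeBSD `arp -an` output; the addresses, the interface name and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the style of FreeBSD `arp -an` output (not real data).
# The last two lines model proxy-ARP: off-link IPs answered with the router's MAC.
SAMPLE_ARP = """\
? (192.0.2.1) at 02:00:00:00:00:01 on fxp0 [ethernet]
? (192.0.2.20) at 02:00:00:00:00:14 on fxp0 [ethernet]
? (192.0.2.30) at (incomplete) on fxp0 [ethernet]
? (198.51.100.7) at 02:00:00:00:00:01 on fxp0 [ethernet]
? (203.0.113.9) at 02:00:00:00:00:01 on fxp0 [ethernet]
"""

ARP_LINE = re.compile(
    r"\((?P<ip>[0-9.]+)\) at (?P<mac>[0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2}){5})\b"
)

def parse_arp(text):
    """Return {IPv4Address: mac}; unresolved '(incomplete)' entries are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            # Normalise 0:a0:c9 style octets to two lowercase hex digits.
            mac = ":".join(f"{int(o, 16):02x}" for o in m["mac"].split(":"))
            table[ipaddress.ip_address(m["ip"])] = mac
    return table

def l2_source_for(ip, local_net, gateway, table):
    """Which MAC appears on frames from `ip`, and whose interface it is."""
    ip = ipaddress.ip_address(ip)
    gw = ipaddress.ip_address(gateway)
    if ip in ipaddress.ip_network(local_net):
        return table.get(ip), "host itself (same segment)"
    # Off-link traffic is re-framed by each router; only the last hop's MAC is visible.
    return table.get(gw), "next-hop router, not the remote host"

def proxy_arp_suspects(local_net, table):
    """Off-link IPs present in the ARP table, grouped by the MAC that answered."""
    net = ipaddress.ip_network(local_net)
    groups = {}
    for ip, mac in table.items():
        if ip not in net:
            groups.setdefault(mac, []).append(str(ip))
    return groups

if __name__ == "__main__":
    arp = parse_arp(SAMPLE_ARP)
    for addr in ("192.0.2.20", "198.51.100.7"):
        print(addr, l2_source_for(addr, "192.0.2.0/24", "192.0.2.1", arp))
    print(proxy_arp_suspects("192.0.2.0/24", arp))
```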
