Re: Mac address of hacked machine...

From: Andrew McNaughton (andrew@scoop.co.nz)
Date: 09/15/02


Date: Sun, 15 Sep 2002 13:46:57 +1200 (NZST)
From: Andrew McNaughton <andrew@scoop.co.nz>
To: "Andrew G. Russell IV" <arussell@tyr.agrknives.com>


On Sat, 14 Sep 2002, Andrew G. Russell IV wrote:

> I have a machine that is hitting me with "kali" packets every few minutes.
> I've contacted the ISP, but they can't help unless I supply the MAC address.
>
> I've done tcpdump, I've arped, I suppose I don't know what I'm doing on this
> one. I've read all the HOWTOS that I can find, even linux ones... I've
> searched the archives, I guess I'm not asking the right question.
>
> I'm sure this will be a head smacker.
>
> Thanks for any help... And YES I am subscribed... ;->

Unless the attacker is on the same ethernet subnet, there's no way you can
know the MAC address, and the ISP is either clueless or deliberately
unhelpful.

If the person you are talking to knows enough to make use of a MAC
address, then they almost certainly know enough to know that you can't
provide one based on traffic seen outside of their network. That said,
it's quite possible that they are simply trying to follow something from a
helpdesk manual without knowing what the information they are supposed
to gather is about or for.

If you're dealing with clueless helpdesk staff, then try asking for
someone from their network operations team. They will need to be involved
to solve the problem anyway.

Do collect a tcpdump of the traffic demonstrating the problem, making sure
that the timestamps are accurate, and that you tell the ISP what timezone
you are in. The ISP should be able to identify which machine the IP
address was assigned to at that point in time.

Andrew McNaughton
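
The following is an added example, not part of the original message: a Python sketch that reads a classic pcap file (the format tcpdump -w writes), reports each remote source IP with first/last-seen times in UTC for an ISP abuse report, and lists the frame source MACs, which for off-subnet traffic belong to your own gateway. The function names, the addresses and the two-packet capture are constructed for illustration, and the times are only as accurate as the capturing host's clock.

```python
import struct
from datetime import datetime, timezone

def build_sample_pcap() -> bytes:
    """Constructed two-packet capture; addresses are documentation/locally administered values."""
    gw_mac = bytes.fromhex("02aabbccddee")   # our own default gateway (assumed)
    my_mac = bytes.fromhex("020000000001")   # capturing host (assumed)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for ts in (1032048000, 1032048300):      # 2002-09-15 00:00:00 and 00:05:00 UTC
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         bytes([203, 0, 113, 7]), bytes([198, 51, 100, 10]))
        frame = my_mac + gw_mac + b"\x08\x00" + ip   # dst MAC, src MAC, EtherType IPv4
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def summarize(pcap: bytes) -> dict:
    """Per remote IPv4 source: packet count, first/last seen in UTC, and frame source MACs."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic == 0xA1B2C3D4:
        end = "<"                             # file written little-endian
    elif magic == 0xD4C3B2A1:
        end = ">"                             # file written big-endian
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack_from(end + "I", pcap, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    seen, off = {}, 24
    while off + 16 <= len(pcap):
        sec, _usec, caplen, _origlen = struct.unpack_from(end + "IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                          # not IPv4 over Ethernet, or truncated
        src_ip = ".".join(str(b) for b in frame[26:30])
        # pcap timestamps are seconds since the Unix epoch, so UTC output is unambiguous.
        when = datetime.fromtimestamp(sec, timezone.utc).isoformat()
        row = seen.setdefault(src_ip, {"count": 0, "first": when, "last": when, "macs": set()})
        row["count"] += 1
        row["first"], row["last"] = min(row["first"], when), max(row["last"], when)
        row["macs"].add(frame[6:12].hex(":"))  # next-hop MAC, not the remote sender's
    return seen

if __name__ == "__main__":
    for ip, row in summarize(build_sample_pcap()).items():
        print(ip, row["count"], row["first"], row["last"], sorted(row["macs"]))
```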
