Re: IP Spoofing / Mac adress

From: daniel uriah clemens (dclemens@inline.com)
Date: 10/19/01


Date: Fri, 19 Oct 2001 14:54:20 -0500 (CDT)
From: daniel uriah clemens <dclemens@inline.com>
To: security <security@cdtel.fr>
Subject: Re: IP Spoofing / Mac adress
Message-ID: <Pine.BSF.4.21.0110191449210.56238-100000@ns1.inlinenet.net>

On Fri, 19 Oct 2001, security wrote:
 
> Hi everybody,
>
> One of my clients has had its IP spoofed by a hacker to attack his web
> server.

Remember, to initiate an HTTP connection you must initiate a 3-way
handshake.

An attacker spoofing packets to your webserver is not likely; the
source of the attack would most likely be coming through a proxy, etc.

> How can I retrieve the MAC address in order to know if it's really my
> client or this guy?

You would have had to follow the route trail from router to router to get
the MAC address of the device that supposedly sent this packet to your
computer.
MAC addresses will reside on the local LAN segment.

> I have installed snort in order to know what he is doing on the
> network.

This will tell you what KNOWN suspicious traffic might be going on within
your network, while tcpdump will help you analyze.

> Thanks for help.
> Aurélien.
>

Simply,

Daniel Uriah Clemens

- dclemens@inline.com

"The right to freedom being the gift of God Almighty, it is not in the
power of man to alienate this gift and voluntarily become a
slave." --Samuel Adams
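
The three-way-handshake point made in the reply can be checked against a capture. The following is an added example, not part of the original message: it classifies flows by whether the client's final ACK acknowledges the server's initial sequence number, which a blind-spoofed source never sees. The record layout, the addresses, and the name `classify_flows` are assumptions, and the sample packets are constructed.

```python
MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits

def classify_flows(packets, server_ip, server_port):
    """Return {(client_ip, client_port): state} for connections to the server.

    state is 'syn-only', 'half-open', 'bad-ack' or 'established'.
    """
    server = (server_ip, server_port)
    flows = {}
    for src, sport, dst, dport, flags, seq, ack in packets:
        if (dst, dport) == server and flags == "S":
            # Client SYN: remember the client's initial sequence number.
            flows[(src, sport)] = {"state": "syn-only", "c_isn": seq}
        elif (src, sport) == server and flags == "SA" and (dst, dport) in flows:
            # Server SYN-ACK: this ISN only reaches the real owner of dst.
            flows[(dst, dport)].update(state="half-open", s_isn=seq)
        elif (dst, dport) == server and "A" in flags and (src, sport) in flows:
            flow = flows[(src, sport)]
            if flow["state"] in ("half-open", "bad-ack"):
                # The final ACK must acknowledge server ISN + 1.
                ok = (ack == (flow["s_isn"] + 1) % MOD
                      and seq == (flow["c_isn"] + 1) % MOD)
                flow["state"] = "established" if ok else "bad-ack"
    return {key: flow["state"] for key, flow in flows.items()}

# Constructed sample: (src, sport, dst, dport, flags, seq, ack)
SERVER = ("198.51.100.5", 80)
SAMPLE = [
    # Handshake completes, then an HTTP request follows.
    ("192.0.2.10", 40001, *SERVER, "S", 1000, 0),
    (*SERVER, "192.0.2.10", 40001, "SA", 5000, 1001),
    ("192.0.2.10", 40001, *SERVER, "A", 1001, 5001),
    ("192.0.2.10", 40001, *SERVER, "PA", 1001, 5001),
    # SYN whose SYN-ACK is never answered.
    ("203.0.113.7", 40002, *SERVER, "S", 2000, 0),
    (*SERVER, "203.0.113.7", 40002, "SA", 6000, 2001),
    # Final ACK carries a guessed acknowledgment number.
    ("203.0.113.9", 40003, *SERVER, "S", 3000, 0),
    (*SERVER, "203.0.113.9", 40003, "SA", 7000, 3001),
    ("203.0.113.9", 40003, *SERVER, "A", 3001, 123456),
]

if __name__ == "__main__":
    for (ip, port), state in classify_flows(SAMPLE, *SERVER).items():
        print(f"{ip}:{port} -> {state}")
```

Only an `established` flow shows that the source address received the server's replies; as the reply notes, that address may still be a proxy.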
