Re: Strange pings from

From: Ranjeet Shetye (
Date: 06/25/04

  • Next message: Alexandre Zglav: "Re: Personal firewall for lambda users"
    Date: Fri, 25 Jun 2004 12:19:39 -0700

    * Steven Trewick ( wrote:
    > >Next, (assuming non-promiscuous mode of operation by the NIC) I fail to
    > >understand how the author of this attack intends to reach his/her targets,
    > >if the dest MAC addresses are fake! I might be missing something obvious,
    > >so if someone can point it out to me, that would be great. thanks.
    > The OP doesn't say what the SRC and DEST MAC are, (which would be helpful),
    > but its entirely possible that they are multicast MAC addresses, which
    > would be broadcast to every switch port.
    > This is not always obvious if you don't know what to look for,
    > multicast MAC addresses are identifiable by the low order bit of
    > their first byte, if this is set to 1, (eg the byte is odd) the frame
    > is multicast.
    > To take an example, if the destination MAC address is 01:xx:xx:xx:xx:xx
    > then it is a multicast address, same for 03:xx:xx:xx:xx:xx, but not
    > for 02::xx:xx:xx:xx:xx
    > See for a discussion
    > of MAC addressing in general, and an explanation (?) of MAC multicast
    > While I doubt this is related to the OP's problem, I hope it will
    > prove useful.

    You are right, I made a bad assumption that if the MAC addresses were not
    unicast (i.e. they were multicast or broadcast) the OP would have made
    a specific mention of it.

    Ranjeet Shetye
    Senior Software Engineer
    Zultys Technologies
    Ranjeet dot Shetye at Zultys dot com
    The views, opinions, and judgements expressed in this message are solely those of
    the author. The message contents have not been reviewed or approved by Zultys.
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
    any course! All of our class sizes are guaranteed to be 10 students or less 
    to facilitate one-on-one interaction with one of our expert instructors. 
    Attend a course taught by an expert instructor with years of in-the-field 
    pen testing experience in our state of the art hacking lab. Master the skills 
    of an Ethical Hacker to better assess the security of your organization. 
    Visit us at:

  • Next message: Alexandre Zglav: "Re: Personal firewall for lambda users"