Re: Strange pings from 127.0.0.1
From: Ranjeet Shetye (ranjeet.shetye2_at_zultys.com)
Date: 06/25/04
- Previous message: Ranjeet Shetye: "Re: Which Windows OS is Safest"
- In reply to: Steven Trewick: "RE: Strange pings from 127.0.0.1"
- Next in thread: Timothy Schwimer: "RE: Strange pings from 127.0.0.1"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 25 Jun 2004 12:19:39 -0700 To: security-basics@securityfocus.com
* Steven Trewick (STrewick@joplings.co.uk) wrote:
>
> >Next, (assuming non-promiscuous mode of operation by the NIC) I fail to
> >understand how the author of this attack intends to reach his/her targets,
> >if the dest MAC addresses are fake! I might be missing something obvious,
> >so if someone can point it out to me, that would be great. thanks.
>
> The OP doesn't say what the SRC and DEST MAC are, (which would be helpful),
> but its entirely possible that they are multicast MAC addresses, which
> would be broadcast to every switch port.
>
> This is not always obvious if you don't know what to look for,
> multicast MAC addresses are identifiable by the low order bit of
> their first byte, if this is set to 1, (eg the byte is odd) the frame
> is multicast.
>
> To take an example, if the destination MAC address is 01:xx:xx:xx:xx:xx
> then it is a multicast address, same for 03:xx:xx:xx:xx:xx, but not
> for 02::xx:xx:xx:xx:xx
>
> See http://www.iana.org/assignments/ethernet-numbers for a discussion
> of MAC addressing in general, and an explanation (?) of MAC multicast
>
> While I doubt this is related to the OP's problem, I hope it will
> prove useful.
You are right, I made a bad assumption that if the MAC addresses were not
unicast (i.e. they were multicast or broadcast) the OP would have made
a specific mention of it.
-- Ranjeet Shetye Senior Software Engineer Zultys Technologies Ranjeet dot Shetye at Zultys dot com http://www.zultys.com/ The views, opinions, and judgements expressed in this message are solely those of the author. The message contents have not been reviewed or approved by Zultys. --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
- Previous message: Ranjeet Shetye: "Re: Which Windows OS is Safest"
- In reply to: Steven Trewick: "RE: Strange pings from 127.0.0.1"
- Next in thread: Timothy Schwimer: "RE: Strange pings from 127.0.0.1"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
