|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Ping flood? Whats the point?
From: Chuck Phillips (cdp
PEAKPEAK.COM)Date: Sat Feb 05 2000 - 13:06:57 CST
- Next message: Erik Fichtner: "Re: Named "Response from unexpected source""
- Previous message: CyberPsychotic: "Re: Strange traceroute"
- Next in thread: Kerry Baker: "Re: Ping flood? Whats the point?"
- Maybe reply: Chuck Phillips: "Re: Ping flood? Whats the point?"
- Reply: Kerry Baker: "Re: Ping flood? Whats the point?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Andy David writes:
> The ip's of course were spoofed, but the only way I was really able to
> tell was after decoding some of the packets my firewall captured (from
> different ip's) I found that the senders MAC address was identical
> throughout the entire attack.
A common MAC address is to be expected if there is a common router between
you and the different IPs, spoofed or not. MAC addresses are useful for
debugging non-malicious problems on your local network and not a lot more.
Further, if someone r00ts a machine on your local network, even the MAC
address can be spoofed. Most modern NICs allow this. This "feature"
allows transparent fail over (no routing/arp changes), but it would be nice
if this feature required a _physical jumper change_ to enable and were
*not* enabled by default. Oh, well. Maybe someday the manufacturers will
catch on to this.
Chuck
- Next message: Erik Fichtner: "Re: Named "Response from unexpected source""
- Previous message: CyberPsychotic: "Re: Strange traceroute"
- Next in thread: Kerry Baker: "Re: Ping flood? Whats the point?"
- Maybe reply: Chuck Phillips: "Re: Ping flood? Whats the point?"
- Reply: Kerry Baker: "Re: Ping flood? Whats the point?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]