RE: UPDATE: more SSH hacking


 



Scot L. Harris wrote:
> On Tue, 2004-08-10 at 09:11, Erik Espinoza wrote:
>> ipv4 and ipv6 operate at a layer that is different from the physical
>> card. There is no such thing as an ipv6 mac address.
> 
> I stand corrected.  What looks like a MAC address does look weird.
> Unless that is not a MAC address?
> 
>>> Aug 10 03:45:24 evv kernel: firewall: IN=eth1 OUT=
> MAC=00:00:c0:d9:5b:98:00:01:30:08:dc:00:08:00 SRC=221.15.178.84
> DST=63.69.210.36 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=18935 DF
> PROTO=TCP SPT=4262 DPT=1025 WINDOW=64240 RES=0x00 SYN URGP=0
>>> Aug 10 03:45:30 evv kernel: firewall: IN=eth1 OUT=
> MAC=00:00:c0:d9:5b:98:00:01:30:08:dc:00:08:00 SRC=221.15.178.84
> DST=63.69.210.36 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=20211 DF
> PROTO=TCP SPT=4262 DPT=1025 WINDOW=64240 RES=0x00 SYN URGP=0

The netfilter package does log the MAC addresses in a hard to visually
decode format.

Using the above MAC= entry:

MAC=00:00:c0:d9:5b:98:00:01:30:08:dc:00:08:00

00:00:c0:d9:5b:98 = destination MAC
00:01:30:08:dc:00 = source MAC
08:00             = ethernet frame type - ipv4

Steve Cowles
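
The split described above, as an added Python example that is not part of the original message: it pulls the MAC= field out of a netfilter LOG line and separates the 14-byte Ethernet header into destination MAC, source MAC and frame type. The function name and the EtherType table are assumptions made for the example; the first sample line is the thread's log entry unwrapped onto one line, the second is constructed.

```python
import re

# EtherType values for labelling the last two bytes (small, non-exhaustive table).
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}

MAC_FIELD = re.compile(r"\bMAC=([0-9A-Fa-f:]*)")
OCTET = re.compile(r"[0-9a-f]{2}")


def split_mac_field(line):
    """Decode the MAC= field of a netfilter LOG line.

    Returns a dict with dst_mac, src_mac, ethertype and ethertype_name,
    or None when the field is missing, empty or not a 14-byte Ethernet header.
    """
    match = MAC_FIELD.search(line)
    if not match or not match.group(1):
        return None  # no MAC= field, or the field was logged empty
    octets = match.group(1).lower().split(":")
    if len(octets) != 14 or not all(OCTET.fullmatch(o) for o in octets):
        return None  # not destination(6) + source(6) + type(2)
    ethertype = int(octets[12] + octets[13], 16)
    return {
        "dst_mac": ":".join(octets[0:6]),    # first 6 bytes: destination MAC
        "src_mac": ":".join(octets[6:12]),   # next 6 bytes: source MAC
        "ethertype": ethertype,              # last 2 bytes: frame type
        "ethertype_name": ETHERTYPES.get(ethertype, "unknown"),
    }


# Log entry from the thread, unwrapped onto one line.
THREAD_LINE = (
    "Aug 10 03:45:24 evv kernel: firewall: IN=eth1 OUT= "
    "MAC=00:00:c0:d9:5b:98:00:01:30:08:dc:00:08:00 SRC=221.15.178.84 "
    "DST=63.69.210.36 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=18935 DF "
    "PROTO=TCP SPT=4262 DPT=1025 WINDOW=64240 RES=0x00 SYN URGP=0"
)
# Constructed line with an empty MAC= value, to exercise the failure path.
EMPTY_MAC_LINE = (
    "Aug 10 03:45:31 evv kernel: firewall: IN=eth1 OUT= MAC= "
    "SRC=192.0.2.10 DST=192.0.2.20 LEN=48 PROTO=TCP SPT=4262 DPT=1025"
)

if __name__ == "__main__":
    for sample in (THREAD_LINE, EMPTY_MAC_LINE):
        print(split_mac_field(sample))
```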


