Re: UPDATE: more SSH hacking

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2004-08-10 at 09:58, Scot L. Harris wrote:
> On Tue, 2004-08-10 at 09:11, Erik Espinoza wrote:
> > ipv4 and ipv6 operate at a layer that is different from the physical
> > card. There is no such thingas an ipv6 mac address.
> 
> I stand corrected.  What looks like a MAC address does look weird. 
> Unless that is not a MAC address?
> 
> > > Aug 10 03:45:24 evv kernel: firewall: IN=eth1 OUT=
> MAC=00:00:c0:d9:5b:98:00:01:30:08:dc:00:08:00 SRC=221.15.178.84
> DST=63.69.210.36 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=18935 DF PROTO=TCP
> SPT=4262 DPT=1025 WINDOW=64240 RES=0x00 SYN URGP=0
> > > Aug 10 03:45:30 evv kernel: firewall: IN=eth1 OUT=
> MAC=00:00:c0:d9:5b:98:00:01:30:08:dc:00:08:00 SRC=221.15.178.84
> DST=63.69.210.36 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=20211 DF PROTO=TCP
> SPT=4262 DPT=1025 WINDOW=64240 RES=0x00 SYN URGP=0
> > >
> 

Scott,

Actually, the MAC= is the entire Layer 2 header.  It is the Destination
MAC, followed by the Source MAC, and finally the "EtherType" field.  So
apparently using Ethernet v2 framing as opposed to one of the IEEE
sanctioned ones...

So, in your case:

Destination MAC: 00:00:c0:d9:5b:98
Source MAC: 00:01:30:08:dc:00
EtherType: 08:00

Remember that MAC addresses are for the local LAN segment, so it is
probably between a machine and a router....

Also, the EtherType of 0800 is for "IP", essentially a flag to tell a
system what Layer 3 handler to pass up to.

HTH,

--Rob




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux