On Wednesday 2005-September-28 15:49, Piotr Holubniak wrote:
> Lest assume that spoofed address is IP which is not assignet in the
> local network. Netfilter logs incomming traffic but it shows MAC
> address unknown or completely unpredictable (Windows shows all 0-ros,
The MAC address is a layer 2 thing. It is only seen within a physical
Ethernet segment. BTW/FYI, those are easily spoofed too; see ip(8) and
ifconfig(8).
> How can I make netfilter to log MAC address of the attackers
> computer, not this one which is resolved by TCP/IP stack ? Is it
> possible?
Not that I know of. You don't see MAC addresses outside your segment.
Not seeing them is a pretty strong indicator that they won't be logged.
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
