Great Circle Associates Firewalls
(November 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Hijak detection
From: Darren Reed <avalon @ coombs . anu . edu . au>
Date: Wed, 12 Nov 1997 17:01:18 +1100 (EDT)
To: jkeimig @ idir . net (Jason Keimig)
Cc: doy @ indo-mail . com, adam @ homeport . org, brad @ freedom . gmsociety . org, circle @ cali-net . com, morrow . long @ yale . edu, frankw @ in . net, anarch @ freedom . gmsociety . org, firewalls @ GreatCircle . COM
In-reply-to: <Pine . LNX . 3 . 96 . 971108001640 . 4739B-100000 @ cypress . idir . net> from "Jason Keimig" at Nov 8, 97 01:06:27 am 
In some mail from Jason Keimig, sie said:
> 
>   So, in a nutshell, LOOKING at the layer-2 information will turn up 90% of
> the offending hosts performing ANY kind of spoofing attack.

Only if you're on the same LAN.  All routers will replace the source MAC
address with their own when routing.
References:
Indexed By Date Previous: help about cisco 2511 config
From: tj @ elephant . istiy . yn . cn
Next: problem with netscape 3 - no firewall content
From: sz-techserv <hostmaster @ presidency . com>
Indexed By Thread Previous: Re: Hijak detection
From: Jason Keimig <jkeimig @ idir . net>
Next: Re: Hijak detection
From: Frank Willoughby <frankw @ in . net>
Google
 
Search Internet Search www.greatcircle.com