At 05:01 PM 11/12/97 +1100, Darren Reed wrote:
>In some mail from Jason Keimig, sie said:
>> So, in a nutshell, LOOKING at the layer-2 information will turn up 90% of
>> the offending hosts performing ANY kind of spoofing attack.
>Only if you're on the same LAN. All routers will replace the source MAC
>address with their own when routing.
Hackers can also burn their own PROMS, if they need to. At this point,
even Layer-2 info will be seen as valid on the same LAN (particularly
after a Denial-of-Service attack).
The opinions of the author of this mail may not necessarily be
representative of the opinions of Fortifed Networks, Inc.
Fortified Networks, Inc. - http://www.fortified.com/
Expert (vendor-neutral) Computer and Network Security Consulting
Phone: (317) 573-0800 Fax: (317) 573-0817