Great Circle Associates Firewalls
(November 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Hijak detection
From: Frank Willoughby <frankw @ in . net>
Date: Wed, 12 Nov 1997 08:22:23 -0500
To: Darren Reed <avalon @ coombs . anu . edu . au>
Cc: jkeimig @ idir . net (Jason Keimig), doy @ indo-mail . com, adam @ homeport . org, brad @ freedom . gmsociety . org, circle @ cali-net . com, morrow . long @ yale . edu, frankw @ in . net, anarch @ freedom . gmsociety . org, firewalls @ GreatCircle . COM
In-reply-to: <9711120606 . AA22000 @ su1 . in . net>
References: <Pine . LNX . 3 . 96 . 971108001640 . 4739B-100000 @ cypress . idir . net> 
At 05:01 PM 11/12/97 +1100, Darren Reed wrote:
>In some mail from Jason Keimig, sie said:
>> 
>>   So, in a nutshell, LOOKING at the layer-2 information will turn up 90% of
>> the offending hosts performing ANY kind of spoofing attack.
>
>Only if you're on the same LAN.  All routers will replace the source MAC
>address with their own when routing.

Hackers can also burn their own PROMS, if they need to.  At this point, 
even Layer-2 info will be seen as valid on the same LAN (particularly 
after a Denial-of-Service attack).

Best Regards,


Frank
The opinions of the author of this mail may not necessarily be 
representative of the opinions of Fortifed Networks, Inc.

Fortified Networks, Inc. - http://www.fortified.com/
Expert (vendor-neutral) Computer and Network Security Consulting
Phone: (317) 573-0800     Fax: (317) 573-0817
Follow-Ups:
References:
Indexed By Date Previous: Re: Hijak detection
From: Frank Willoughby <frankw @ in . net>
Next: Re: Re[2]: Summary on Java Sanity Check
From: "Michael H. Warfield" <mhw @ wittsend . com>
Indexed By Thread Previous: Re: Hijak detection
From: Frank Willoughby <frankw @ in . net>
Next: Re: Hijak detection
From: Darren Reed <avalon @ coombs . anu . edu . au>
Google
 
Search Internet Search www.greatcircle.com