Do you mean get the MAC address? If so MAC addresses aren't unique anymore, and how could you lookup what MAC address belongs to what IP? Philip Wagenaar > -----Original Message----- > From: James [mailto:jameshat_private] > Sent: maandag 7 januari 2002 1:47 > To: incidentsat_private > Subject: Re: Spoofed scans > > > Capture the data link layer and get the hardware address. > Perhaps this will indicate the true IP. > > > "Ask the plants of the earth and they will teach you." Job 12:8 > > ----- Original Message ----- > From: "Richard Arends" <richardat_private> > To: <incidentsat_private> > Sent: Sunday, January 06, 2002 4:41 AM > Subject: Spoofed scans > > > > Hello, > > > > Last couple of weeks i'm getting more and more spoofed scans on my > > firewall. All scans are icmp or port 53 (domain). Mostly > 'they' first > > send a few icmp packets and then a scan for port 53 trying to do a > > reverse lookup for my ip. > > > > Are there more seeing this type off scans and is there a way to > > substract the real scanner (ip) from the list ip's ??? > > > > Greetings, > > > > Richard. > > > > ---- > > An OS is like swiss cheese, the bigger it is, the more > holes you get! > > > > > > > ---------------------------------------------------------------------- > > ---- > -- > > This list is provided by the SecurityFocus ARIS analyzer > service. For > > more information on this free incident handling, management and > > tracking system please see: http://aris.securityfocus.com > > > > > > > -------------------------------------------------------------- > -------------- > This list is provided by the SecurityFocus ARIS analyzer > service. For more information on this free incident handling, > management > and tracking system please see: http://aris.securityfocus.com > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jan 07 2002 - 08:21:20 PST