Security Basics mailing list archives
Re: Strange pings from 127.0.0.1
From: Ranjeet Shetye <ranjeet.shetye2 () zultys com>
Date: Fri, 25 Jun 2004 12:19:39 -0700
* Steven Trewick (STrewick () joplings co uk) wrote:
Next, (assuming non-promiscuous mode of operation by the NIC) I fail to understand how the author of this attack intends to reach his/her targets, if the dest MAC addresses are fake! I might be missing something obvious, so if someone can point it out to me, that would be great. thanks.The OP doesn't say what the SRC and DEST MAC are, (which would be helpful), but its entirely possible that they are multicast MAC addresses, which would be broadcast to every switch port. This is not always obvious if you don't know what to look for, multicast MAC addresses are identifiable by the low order bit of their first byte, if this is set to 1, (eg the byte is odd) the frame is multicast. To take an example, if the destination MAC address is 01:xx:xx:xx:xx:xx then it is a multicast address, same for 03:xx:xx:xx:xx:xx, but not for 02::xx:xx:xx:xx:xx See http://www.iana.org/assignments/ethernet-numbers for a discussion of MAC addressing in general, and an explanation (?) of MAC multicast While I doubt this is related to the OP's problem, I hope it will prove useful.
You are right, I made a bad assumption that if the MAC addresses were not unicast (i.e. they were multicast or broadcast) the OP would have made a specific mention of it. -- Ranjeet Shetye Senior Software Engineer Zultys Technologies Ranjeet dot Shetye at Zultys dot com http://www.zultys.com/ The views, opinions, and judgements expressed in this message are solely those of the author. The message contents have not been reviewed or approved by Zultys. --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Re: Strange pings from 127.0.0.1, (continued)
- Re: Strange pings from 127.0.0.1 Alan Hicks (Jun 23)
- Re: Strange pings from 127.0.0.1 Kelly John Rose (Jun 23)
- RE: Strange pings from 127.0.0.1 David Gillett (Jun 24)
- RE: Strange pings from 127.0.0.1 Andrew Aris (Jun 24)
- Re: Strange pings from 127.0.0.1 Kelly John Rose (Jun 25)
- Re: Strange pings from 127.0.0.1 SecurityFocus Lists (Jun 24)
- Re: Strange pings from 127.0.0.1 Kelly John Rose (Jun 25)
- RE: Strange pings from 127.0.0.1 David Gillett (Jun 25)
- Re: Strange pings from 127.0.0.1 Ranjeet Shetye (Jun 26)