Full Disclosure mailing list archives
Re: Linux - Indicators of compromise
From: Giles Coochey <giles () coochey net>
Date: Wed, 25 Jul 2012 12:04:55 +0100
On 18/07/2012 13:10, Григорий Братислава wrote:
On Wed, Jul 18, 2012 at 3:18 AM, Giles Coochey <giles () coochey net> wrote:Is you have much more to worry than is ICMP/GRE tunnels. Is I send to Broadcast and I am is on your network, how do you is plan to pinpoint who I am when is everyone see broadcastBy your source MAC address -- Regards,Really? I am so glad your company is has you for security. So a message is broadcast to everyone. Everyone on say is /21 is listen and you is going to pick me out, out of is everyone else who is listen? Genius! Nobel Prize A+++ number one is seller! Is not only is idea you mention genius, is good that no one can is change their MAC address! Is proof MusntLive must go back is study CISSP and now is CCNA
If you broadcast using a MAC address you are on the same subnet, layer 2.On a wired network I don't really care whether you spoofed your mac address or not, you still registered the mac address on the switch, and I can see what port you connected to. Then I just need to follow the cable to find you.
In any case, this is an internal intrusion or post-exploitation issue we're talking about, not an external one, assuming the layer-2 environment has a modicum of protection.
-- Regards, Giles Coochey, CCNA, CCNAS NetSecSpec Ltd +44 (0) 7983 877438 http://www.coochey.net http://www.netsecspec.co.uk giles () coochey net
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Linux - Indicators of compromise, (continued)
- Re: Linux - Indicators of compromise Michael Stummvoll (Jul 16)
- Re: Linux - Indicators of compromise valdis . kletnieks (Jul 16)
- Re: Linux - Indicators of compromise Gary Baribault (Jul 16)
- Re: Linux - Indicators of compromise Benji (Jul 16)
- Re: Linux - Indicators of compromise Giles Coochey (Jul 17)
- Re: Linux - Indicators of compromise Григорий Братислава (Jul 17)
- Re: Linux - Indicators of compromise Giles Coochey (Jul 19)
- Re: Linux - Indicators of compromise Григорий Братислава (Jul 18)
- Message not available
- Re: Linux - Indicators of compromise Григорий Братислава (Jul 18)
- Re: Linux - Indicators of compromise Leutnant Steiner (Jul 20)
- Re: Linux - Indicators of compromise Gary Baribault (Jul 16)
- Re: Linux - Indicators of compromise Giles Coochey (Jul 25)
- Re: Linux - Indicators of compromise Григорий Братислава (Jul 25)
- Re: Linux - Indicators of compromise Scott Solmonson (Jul 26)
- Re: Linux - Indicators of compromise Григорий Братислава (Jul 26)
- Re: Linux - Indicators of compromise valdis . kletnieks (Jul 26)
- Re: Linux - Indicators of compromise Григорий Братислава (Jul 26)
- Re: Linux - Indicators of compromise Scott Solmonson (Jul 28)
- Re: Linux - Indicators of compromise Григорий Братислава (Jul 30)
- Re: Linux - Indicators of compromise jerry (Jul 28)