[Snort-users] Nice result with Snort.
goemon at ...20...
Mon Jan 29 15:27:48 EST 2001
On Mon, 29 Jan 2001, Jan Hugo Prins wrote:
> The guy that did this had masked his IP adres and the destination adres.
> But what he didn't mask (and is probebly much more difficult to mask)
> was his hardware adres
hardware address isn't transmitted over the internet.
you've identified mac address of your border router, nothing more.
01/27-06:08:52.384497 0:50:B:66:C0:0 -> 0:A0:C9:D9:0:87 type:0x800 len:0x3C
220.127.116.11:109 -> 18.104.22.168:109 TCP TTL:23 TOS:0x0 ID:39426 IpLen:20
00:50:0B -> Cisco Systems, Inc
00:A0:C9 -> Intel Corporation
It's packet with source hardware address of the @home cisco border router,
directed at your intel ethernet card.
More information about the Snort-users