[Snort-users] Nice result with Snort.

Dan Hollis goemon at ...20...
Mon Jan 29 15:27:48 EST 2001


On Mon, 29 Jan 2001, Jan Hugo Prins wrote:
> The guy that did this had masked his IP address and the destination address.
> But what he didn't mask (and is probably much more difficult to mask)
> was his hardware address

hardware address isn't transmitted over the internet.

you've identified mac address of your border router, nothing more.

01/27-06:08:52.384497 0:50:B:66:C0:0 -> 0:A0:C9:D9:0:87 type:0x800 len:0x3C
203.65.206.10:109 -> 213.51.157.97:109 TCP TTL:23 TOS:0x0 ID:39426 IpLen:20

00:50:0B -> Cisco Systems, Inc
00:A0:C9 -> Intel Corporation

It's a packet with the source hardware address of the @home cisco border router,
directed at your intel ethernet card.

-Dan
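
[Added example, not part of the original message or of Snort itself.] The point made in the reply above, as a script that reads the two Snort header lines quoted in the post, zero-pads the abbreviated MAC octets, looks up the OUI, and reports what the source MAC can be attributed to. The local prefix 213.51.157.0/24 is an assumption made for illustration, and the OUI table holds only the two prefixes named in the post.

```python
import ipaddress
import re

# OUI prefixes quoted in the post; a real deployment would load the IEEE registry.
OUI_VENDORS = {"00:50:0B": "Cisco Systems, Inc", "00:A0:C9": "Intel Corporation"}

# Snort link-layer header line: timestamp, src MAC -> dst MAC, ethertype.
ETH_RE = re.compile(r"^(\S+)\s+([0-9A-Fa-f:]+) -> ([0-9A-Fa-f:]+) type:(0x[0-9A-Fa-f]+)")
# Snort IP header line: src ip:port -> dst ip:port.
IP_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)")


def normalize_mac(mac):
    """Zero-pad each octet: Snort prints 0:50:B:66:C0:0 for 00:50:0B:66:C0:00."""
    octets = mac.split(":")
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return ":".join(f"{int(o, 16):02X}" for o in octets)


def vendor(mac):
    """Vendor name for the first three octets (the OUI), or 'unknown'."""
    return OUI_VENDORS.get(normalize_mac(mac)[:8], "unknown")


def interpret(eth_line, ip_line, local_net):
    """Report what the source MAC in a Snort alert can be attributed to."""
    eth, ip = ETH_RE.match(eth_line), IP_RE.match(ip_line)
    if not eth or not ip:
        raise ValueError("unrecognized Snort header lines")
    src_mac, dst_mac = normalize_mac(eth.group(2)), normalize_mac(eth.group(3))
    on_link = ipaddress.ip_address(ip.group(1)) in ipaddress.ip_network(local_net)
    return {
        "src_mac": src_mac, "src_vendor": vendor(src_mac),
        "dst_mac": dst_mac, "dst_vendor": vendor(dst_mac),
        "src_ip": ip.group(1), "src_on_link": on_link,
        # Routers rewrite the Ethernet header at every hop, so an off-link
        # source IP means the source MAC is the last-hop router's interface.
        "src_mac_belongs_to": "on-link device" if on_link else "last-hop router",
    }


# The two header lines quoted in the post.
ETH = "01/27-06:08:52.384497 0:50:B:66:C0:0 -> 0:A0:C9:D9:0:87 type:0x800 len:0x3C"
IP = "203.65.206.10:109 -> 213.51.157.97:109 TCP TTL:23 TOS:0x0 ID:39426 IpLen:20"

if __name__ == "__main__":
    # 213.51.157.0/24 is an assumed local prefix, not stated in the post.
    for key, value in interpret(ETH, IP, "213.51.157.0/24").items():
        print(f"{key}: {value}")
```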




