[Snort-users] Nice result with Snort.

Dan Hollis goemon at ...20...
Mon Jan 29 16:18:24 EST 2001


On Mon, 29 Jan 2001, Jan Hugo Prins wrote:
> The HW I got from the packet is the HW of a system within my own segment and
> they can be obtained from packets where the IP adres is not masked. At least,
> that is what I know about it.

But you still haven't identified the attacker.

The only way you could identify them from the mac address is if they were
on your same ethernet segment.

-Dan





More information about the Snort-users mailing list