[Snort-users] Nice result with Snort.

Jan Hugo Prins j.h.prins at ...1226...
Mon Jan 29 16:32:47 EST 2001


On Monday 29 January 2001 22:18, you wrote:
> On Mon, 29 Jan 2001, Jan Hugo Prins wrote:
> > The HW I got from the packet is the HW of a system within my own segment
> > and they can be obtained from packets where the IP adres is not masked.
> > At least, that is what I know about it.
>
> But you still haven't identified the attacker.
>
> The only way you could identify them from the mac address is if they were
> on your same ethernet segment.
>
And he actually is. Atleast, I think he is. I have an IP in subnet 
213.51.156.0/22 and so has he. This should be the same segment, shouldn't it?

Greetings




More information about the Snort-users mailing list