On Mon, 18 Jun 2001, MaD dUCK wrote: > also sprach Sebastiaan (on Mon, 18 Jun 2001 02:22:49PM +0200): > > if you have a MAC address, how can you find ou tit's ip address? > > a tool like arpwatch or iptraf can help you, but these obviously > require watching some traffic going to that mac address first. > > mac addresses are data link layer addresses, that is below the IP > stack. i am a little curious why you'd have a mac address only but no > IP...
Hi, well, I just installed a firewall with iptable logging, and I get about every second an entry like this in syslog: Jun 18 14:42:43 aluqah kernel: UDP Dropped: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:c0:f0:19:b0:8e:08:00 SRC=192.168.0.2 DST=255.255.255.255 LEN=176 TOS=0x00 PREC=0x00 TTL=128 ID=1280 PROTO=UDP SPT=1015 DPT=1015 LEN=156 The SRC is invalid, I only have 192.168.1.* network and a 212.127.*.* to the internet (cable modem). I would like to know who is really doing this. Does someone have nay idea what is going on? Is this some kind of attack? Thanks in advance, Sebastiaan
