On Fri, Nov 28, 2014 at 03:27:38PM +0100, Martin Hanson wrote: > First I would scan the network for MACs and matching IPs, then I would > spoof one at a time until I am out.
Don't forget about the differentiation between "authpf" and "authpf-noip". The latter can make things interesting for some use cases with SSH tunnels. Utilizing the "user" keyword in pf.conf is a nice addition.