Someone is basicly "twicking the mail headers" by sending messages like "[EMAIL PROTECTED]"-who is?
OUI...yes, great topic! Now mind me asking but why would you need a "private" OUI if the well-known (registed) list is quite public and everyone has a reserved allocation? (vendors have) and yes as far as i am aware all can be spoofed...up to the available anti-spoofing rules, plenty of google literature........just to check the theory points of failure ..... Now the question is do mac adresses change w/ IPv6? Is there a relation w/ IPv4/6 format type and OUI format type ? we might have heard of the IPv6 source address spoofing ..... http://www.cuba.ipv6-taskforce.org/pdf/isatap.pdf ...and w/ the translation to the OUI w/ v6 ...... http://tools.ietf.org/html/draft-eastlake-ethernet-iana-considerations-08 --- On Mon, 11/24/08, Mark Smith <[EMAIL PROTECTED]> wrote: > From: Mark Smith <[EMAIL PROTECTED]> > Subject: Re: BCP for Private OUI / address assignments? > To: [EMAIL PROTECTED] > Cc: nanog@nanog.org > Date: Monday, November 24, 2008, 10:01 PM > Hi, > > On Mon, 24 Nov 2008 19:35:07 +0100 > Peter Dambier <[EMAIL PROTECTED]> wrote: > > > I also found this one helpful > > > > http://www.iana.org/assignments/ethernet-numbers > > > > === > > The CFxxxx Series > > > > RFC 2153 describes a method of usings a "pseudo > OUI" for certain > > purposes when there is no appropriate regular OUI > assigned. These are > > listed here. > > > > CF0001 Data Comm for Business > [McCain] > > === > > > > I remember we had IBM Token-Ring equipment and they > suggested > > to always use "CF..." and never rely on the > programmed MAC for SNA. > > > > On an ethernet network, CF is a multicast destination > address, or, as a > source, I'm pretty sure it indicates that the frame > contains a source > route for use with translational bridging. > > The locally assigned 0x02 bit would be better to use. Be > aware that > Microsoft have decided to "reserve" some locally > assigned addresses > in the range 02-BF, and 02-01 through 02-20 for use with > their load > balancing / high availability product, rather than use one > of their > proper OUIs. Apparently you're not supposed to be using > these > address ranges because the locally assigned address space > is so large, > before you use this Microsoft product, so if you are, too > bad. You'll > have to change your previous local assignments, or somehow > change > Microsoft's software. Within Wireshark it shows it as > used by > Microsoft, which implies official assignment to Microsoft. > The > Wireshark people won't change it, so that gives it a > level of > legitimacy. I think that's a slippery slope. > > (It's a pet hate of mine that certain organisations > force their private > address space assignments (RFC1918 or IEEE locally > assigned) on > outsiders. It's supposed to be private so outsiders > don't see it or > don't have to work around it!) > > Regards, > Mark. > > -- > > "Sheep are slow and tasty, and therefore must > remain constantly > alert." > - Bruce Schneier, > "Beyond Fear"