LinuxQuestions.org - mac address log

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - mac address log (https://www.linuxquestions.org/questions/linux-security-4/mac-address-log-264849/)

lyte	12-10-2004 08:59 AM

mac address log

Good Morning,

I have a linux server that people on my lan have been trying to break into. The logs clearly show the ip (maybe spoofed) that the attacks are comming from the problem is that the IP is a dhcp address and I don't control the DHCP server. My question is: is there a way to also log the mac or hardware address of machines trying to login through SSH?

Thanks for you time.

Andy

m_shroom

12-10-2004 12:50 PM

Mac addresses are readable between hardware that is directly connected. And any thing that is past the first piece of hardware is not easyaly readable if at all.

sigsegv

12-10-2004 09:14 PM

How about:

Code:

iptables -t nat -I PREROUTING -p tcp --dport 22 -j LOG --log-tcp-options --log-ip-options

and you should see MAC= in the logs for the machines hitting you (assuming they're not coming across a router to do it).

Disclaimer: t's been a *very* long time since I did anything with iptables, so my syntax may not be perfect

All times are GMT -5. The time now is 10:13 AM.