LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 12-10-2004, 08:59 AM   #1
lyte
LQ Newbie
 
Registered: Jul 2004
Distribution: yellowdog 3.0, redhat 9
Posts: 2

Rep: Reputation: 0
mac address log


Good Morning,

I have a linux server that people on my lan have been trying to break into. The logs clearly show the ip (maybe spoofed) that the attacks are comming from the problem is that the IP is a dhcp address and I don't control the DHCP server. My question is: is there a way to also log the mac or hardware address of machines trying to login through SSH?

Thanks for you time.

Andy
 
Old 12-10-2004, 12:50 PM   #2
m_shroom
Member
 
Registered: Oct 2004
Location: Queen Charlotte B. C. Canada
Distribution: openSUSE 11.1
Posts: 42

Rep: Reputation: 15
Mac addresses are readable between hardware that is directly connected. And any thing that is past the first piece of hardware is not easyaly readable if at all.
 
Old 12-10-2004, 09:14 PM   #3
sigsegv
Senior Member
 
Registered: Nov 2004
Location: Third rock from the Sun
Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1
Posts: 1,197

Rep: Reputation: 46
How about:
Code:
iptables -t nat -I PREROUTING -p tcp --dport 22 -j LOG --log-tcp-options --log-ip-options
and you should see MAC= in the logs for the machines hitting you (assuming they're not coming across a router to do it).

Disclaimer: t's been a *very* long time since I did anything with iptables, so my syntax may not be perfect
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to find an IP address from the MAC address of a remote machine ? jitz Linux - General 3 01-03-2006 07:55 AM
How to find IP address of a machine if I know their MAC Address dysenteryduke Linux - Networking 13 09-12-2005 10:21 AM
how to get ip address, broadcast address, mac address of a machine sumeshstar Programming 2 03-12-2005 04:33 AM
DHCP Server MAC Address found, IP address not assigned wmburke Linux - Wireless Networking 17 11-17-2004 10:33 AM
How would i log the source MAC address w/ iptables? phek Linux - Security 12 12-14-2001 12:18 PM


All times are GMT -5. The time now is 09:04 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration