LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-19-2002, 06:35 AM   #1
Chijtska
Member
 
Registered: Jan 2002
Location: High Falls, GA
Distribution: Mandrake8.2, FreeBSD, Solaris
Posts: 362

Rep: Reputation: 30
Finding mac addresses


lets say you check your apache logs and you find someone's ip address that is consistently attacking your box... is there anyway to find that person's mac address with the ip address you have?
 
Old 02-19-2002, 06:46 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
no.

you can find addresses if you own the dhcp server they use, otherwise, no not in your situation.
 
Old 02-19-2002, 09:11 AM   #3
Chijtska
Member
 
Registered: Jan 2002
Location: High Falls, GA
Distribution: Mandrake8.2, FreeBSD, Solaris
Posts: 362

Original Poster
Rep: Reputation: 30
the reason i ask is say: someone has dynamic ip addressing (as im sure most 133t script kiddies do ) and you want to put their address in your hosts.deny file...how in the world would you do it?
 
Old 02-19-2002, 09:29 AM   #4
kill-hup
Member
 
Registered: Aug 2000
Location: NY - USA
Distribution: Slackware
Posts: 109

Rep: Reputation: 15
You'd probably have to block their entire subnet - there's no easy way to block someone with a dynamic IP. Some ISP's have different subnets of addresses as well, depending on which access server the client connects to, so this will most likely turn into a game of cat-and-mouse every time the unwanted outsider gets a new address.

Your best bet is to log the date/times and types of the attacks along with the IP addresses used and contact their ISP's abuse staff.
 
Old 02-27-2002, 03:57 AM   #5
LinuxGod
LQ Newbie
 
Registered: Aug 2001
Location: Cave Mountain
Distribution: Redhat Only
Posts: 29

Rep: Reputation: 15
Post

You would download portsentry and set it up to add portscanners
to a iptables block file, that would stop all the hassles.

Thanks
 
Old 02-27-2002, 04:34 AM   #6
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
That won't help.
Port 80 is public, you need content checking then blocking.

/Raz
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
can MAC addresses be tracked? m00 Linux - Security 7 11-16-2004 09:50 PM
finding companys mail addresses juanb Linux - Security 1 09-05-2004 02:29 AM
Finding Addresses Globally nodotnet Linux - Software 0 08-18-2004 03:52 PM
Finding all ip addresses from your dhcp servers J-Stew Linux - Networking 1 08-27-2002 07:19 AM
Mac Addresses nixdisciple Linux - Security 6 07-01-2002 10:55 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:34 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration