On Tuesday 16 July 2013 18:08:55 Aleksandar Kuktin wrote: > Seems like someone is ratcheting the doors of your digital fortress. > > Not sure about where was that 192.168.2.1 packet captured. I think you > said something about the ethernet being on the inside in your first > e-mail. But while that packet is excusable, the other one (the one with > the bogus MAC adress) is not. And BTW, it's pretty obvious that is a > bogus packet. There is a nice series of numbers which extends into the > ethertype field and probably into the rest of the packet.
I though I would try droping the 'bogus mac address' packets or is that punching at shadows? I tried iptables \ -A input \ -p tcp \ -m mac \ --mac $badMAC \ -j DROP where badMAC="ff ff ff ff ff ff 11 22 33 44 55 66 77 88" but it made no difference If I am not punching at a shadow, do I need to specify the interface? ( I have ppp on the outside and ethernet on the inside ) and do I need to do it in the forward chain and output chain as well ? and is it just for tcp? advice would be appreciated sincerely luxInteg -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
