On Tue, 16 Jul 2013 20:23:54 +0100
"lux-integ" <[email protected]> wrote:

> I tried
> iptables \
> -A input \
> -p tcp \
> -m mac \
> --mac $badMAC \
> -j DROP
>
>
> where badMAC="ff ff ff ff
> ff ff 11 22 33 44 55 66 77 88"
>
> but it made no difference

$badMAC should be 11:22:33:44:55:66. What you see in:

ffff ffff ffff 1122 3344 5566 7788

...is the link-level header. I don't know how much you worked with
this, so I'll just drop a wide explanation. Apologies if you already
know this.

When analyzing Internet, or any packet network, or in fact any network
at all, people have decided to talk about layers (or levels). A layer
encompasses one complete part of all the work that needs to be done to
get the message across. There is a relatively nice Wikipedia page at
https://en.wikipedia.org/wiki/Internet_protocol_suite that explains
much of this (if in perhaps too much detail). There is a more
novice-friendly document at http://www.netfilter.org/documentation
entitled "Networking Concepts HOWTO". I learned what Internet actually
*IS* by reading that document.

So, basically, now that I have bailed on explaining layers (and you
either know this already or have just learned it), let's just focus on
the link layer. This encompasses the packets that ethernet cards send
to each other. Like internet packets, these have headers and payloads
(and checksums). Headers consist of the following:

1. destination address (6 octets)
2. source address (6 octets)
3. type field, called ethertype (2 octets).

There is an elaborate diagram with a jumbo explanation on
https://en.wikipedia.org/wiki/Ethernet_frame .

So, the interpretation of the header your kernel gave us is: "Packet
from 11:22:33:44:55:66 (which, incidentally, is a broadcast address and
therefore probably falls under the definition of 'martians'), for
destination ff:ff:ff:ff:ff:ff (which is a global broadcast address -
nothing strange or unusual about that) with the ethertype 0x7788
(unknown ethertype)".

Seeing as how the source MAC is a broadcast address, disabling the
logging of martians will probably remove that as well.

However, I have to point out that the address given by the kernel may
not be correct. Namely, with the hexdump the kernel gave us the ASCII
interpretation of that dump. The string "Oj}" should really be "0x4f,
0x6a, 0x7d". I don't know how that happened.

-- 
You don't need an AI for a robot uprising.
Humans will do just fine.
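The header layout described in the message above (6-octet destination, 6-octet source, 2-octet ethertype), as an added example that is not part of the original e-mail: a Python parser for the quoted header bytes that also builds the matching rule with the iptables mac match's `--mac-source` option. The function and class names are hypothetical, and the sample bytes are the placeholder values quoted in the thread.

```python
import re
from typing import NamedTuple


class EthernetHeader(NamedTuple):
    dst: str        # destination MAC, first 6 octets on the wire
    src: str        # source MAC, next 6 octets
    ethertype: int  # 2-octet type field, big-endian

    @property
    def src_is_group(self) -> bool:
        # I/G bit: the least significant bit of the first octet marks a
        # multicast/broadcast (group) address, which is not a valid sender.
        return bool(int(self.src[:2], 16) & 0x01)

    @property
    def dst_is_broadcast(self) -> bool:
        return self.dst == "ff:ff:ff:ff:ff:ff"


def parse_ll_header(dump: str) -> EthernetHeader:
    """Parse a hex dump of a link-level header; spacing and grouping are ignored."""
    digits = re.sub(r"[\s:]", "", dump).lower()
    if not re.fullmatch(r"[0-9a-f]*", digits):
        raise ValueError("non-hex characters in dump")
    if len(digits) < 28:
        raise ValueError("need at least 14 octets (dst + src + ethertype)")
    raw = bytes.fromhex(digits[:28])

    def fmt(octets: bytes) -> str:
        return ":".join(f"{o:02x}" for o in octets)

    return EthernetHeader(fmt(raw[0:6]), fmt(raw[6:12]),
                          int.from_bytes(raw[12:14], "big"))


def drop_rule(hdr: EthernetHeader) -> list[str]:
    """iptables arguments that drop frames from the header's source MAC."""
    return ["iptables", "-A", "INPUT", "-m", "mac",
            "--mac-source", hdr.src, "-j", "DROP"]


# Header bytes as quoted in the message above (placeholder values).
SAMPLE = "ffff ffff ffff 1122 3344 5566 7788"

if __name__ == "__main__":
    h = parse_ll_header(SAMPLE)
    print(f"dst={h.dst} src={h.src} ethertype=0x{h.ethertype:04x}")
    print("source is a group address:", h.src_is_group)
    print(" ".join(drop_rule(h)))
```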
