At 11/20/2001 11:36 PM -0600, you wrote: >Now, if I'm reading this correctly and with the help of the Netfilter log >analyzer; I think I am. The log entry is telling me that I received a >packet scanning for some form of the Sub-7 Trojan horse from 65.1.121.18 >with a MAC address of 00:03:6c:48:88:8c. I've got other entries some >identical, some differing on the port, some differing on the IP but for all >of them the MAC address is the same. Would the correct way to block this >script-kiddie be something like this? >iptables -A INPUT --mac-source 00:03:6c:48:88:8c -j DROP
I don't think so. I think the MAC address is only useful on the local net since it is replaced by the gateway. Hence, that MAC is your gateway (?). So blocking that would block *all* traffic. You can block 65.1.121.18 if you want, though. -- Rodolfo J. Paiz [EMAIL PROTECTED] _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
