[Courses] [Security] return RST

coldfire rolick571 at duq.edu
Fri Mar 29 21:44:51 EST 2002


> > but if you're on the same network as a scanning machine, you can figure
> > out whether a host is up or not regardless of its firewall policy.
>  
> 	How?  Put your port in promiscuous mode and sniff the network
> for traffic with that IP in general?  Or did you have something else in
> mind?

arp requests and arp replies both have their own ethernet frame types
(different than ip).  as far as i know, iptables only filters based on ip
datagrams (correct me if i'm wrong, please :) ... therefore, if you
attempt to ping a host that's on the same physical network, you can check
the arp cache on your machine to see if you have received any arp replies
(or just sniff for them).  logically, arp fits between ip and the ethernet
driver.


coldie
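
The ARP-cache check described in the message above, as an added example that is not part of the original post: a parser for the Linux /proc/net/arp table that reports whether a neighbour answered an ARP request. The sample table, its addresses and the function names are constructed for illustration.

```python
# Added example (not from the original post): read the Linux ARP cache and
# report which on-link hosts answered ARP, independent of their IP firewall.

ATF_COM = 0x02  # "completed" flag from linux/if_arp.h: a reply supplied a MAC

# Constructed sample in /proc/net/arp layout (documentation addresses, made-up MACs).
SAMPLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         02:00:00:aa:bb:01     *        eth0
192.0.2.23       0x1         0x2         02:00:00:aa:bb:17     *        eth0
192.0.2.40       0x1         0x0         00:00:00:00:00:00     *        eth0
"""


def parse_arp_table(text):
    """Return {ip: {"mac", "dev", "resolved"}} from /proc/net/arp text."""
    entries = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue                            # ignore truncated rows
        ip, _hw_type, flags, mac, _mask, dev = fields[:6]
        resolved = bool(int(flags, 16) & ATF_COM)
        entries[ip] = {"mac": mac, "dev": dev, "resolved": resolved}
    return entries


def host_answered_arp(entries, ip):
    """True: ARP reply seen. False: request went unanswered. None: never probed."""
    entry = entries.get(ip)
    return None if entry is None else entry["resolved"]


def load_live_table(path="/proc/net/arp"):
    """Parse the running kernel's cache (Linux only)."""
    with open(path) as fh:
        return parse_arp_table(fh.read())


if __name__ == "__main__":
    table = parse_arp_table(SAMPLE)
    for ip in ("192.0.2.23", "192.0.2.40", "192.0.2.99"):
        print(ip, host_answered_arp(table, ip))
```

An entry only appears after the local machine has tried to reach the address, so the cache reflects hosts that were actually probed (for example with a ping) and ages out over time.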



