[LARTC] clone MAC address
Francisco Pereira
fpereira@lojan.com
Wed, 17 Nov 2004 00:57:13 -0200
Frank Gruellich wrote:
> * Nicolas Patik <nicolas.patik@gmail.com> 16. Nov 04:
>
>>No, I'm not talking about natting ... I'm talking about hidding my
>>computers from my ISP.
>
> Tell me, what's the difference. Can you give some technical description
> for this 'hiding' you are talking about?
>
>>.. or .... are you telling me that the problem with my linux box is
>>about bad firewall rules?
>
> No. 'Firewall rules' are a matter of layer 3, MACs and their so called
> cloning belong to layer 2.
>
>>Right now with my linux box doing NAT they can find that I have others
>>computers connected.
>
> Contradicting to Chris they can. But trust me, they won't. Finding
> hosts behind a NAT router is very difficult and involves the collection
> of huge amounts of traffic.[1] After all, it will not work for any OSs.
It's no so dificult, at least in some cases.
p0f (passive OS fingerprint) uses a technique (that has some
limitations) to detect masqueraded hosts, it have to sniff all the
traffic but not collect it.
http://lcamtuf.coredump.cx/p0f.shtml
Regards,
Francisco.