
List:       ipcop-user
Subject:    Re: [IPCop-user] MAC filter
From:       David W Studeman <dwstudeman () ovi ! com>
Date:       2012-11-04 22:44:35
Message-ID: k76r4o$633$1 () ger ! gmane ! org

On 10/31/2012 2:54 AM, David Hand wrote:
> Greetings,
>
> I noticed a bunch of hits in the firewall log from a number of IPs but all
> with the same MAC.
> So, says I, I'll just block that MAC entirely.
>
> Unfortunately though the firewall rules require a "service". Is there a
> simple way to block (drop) everything?
>
> Dave

All uncommanded incoming packets are dropped by default anyway. What you 
describe is rather normal everyday port scanning activity. For as long 
as I can remember, my firewall daily summary shows hundreds of dropped 
incoming packets daily. Sometimes close to 1000. Yesterday was 462.

Look at your daily log summary; you should see that the packets show red 
dropped packets. You can't stop scanners from going IP to IP and 
sniffing ports; you can only drop their packets, which actually hurts 
them because they are busy waiting for a response that never comes from 
your IP.

As far as the MAC issue, my logs show the same MAC address from all 
incoming packets. The packets come from many places including my own 
email servers. Looking at my ARP table shows that particular MAC to be 
the gateway of my ISP to the internet. I don't think you want to mess 
with that MAC address in any way, shape or form. I'm sure you are not 
seeing a MAC address from anyone other than your ISP's gateway.

-- 
Dave Studeman
http://www.raqcop.com
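
The check described in the reply above, as an added example that is not part of the original message: group logged source IPs by the source MAC in each firewall log line and compare that MAC with the ARP entry for the upstream gateway. It assumes the standard netfilter LOG line layout; the log lines, ARP table, addresses and the gateway IP passed to `explain` are constructed sample values.

```python
import re
from collections import defaultdict

# Constructed sample data: kernel LOG lines as a netfilter firewall writes them,
# and an ARP table in /proc/net/arp layout. Addresses are documentation ranges.
SAMPLE_LOG = """\
Nov  4 10:01:12 fw kernel: INPUT IN=eth1 OUT= MAC=02:00:00:00:00:10:02:00:00:00:00:01:08:00 SRC=198.51.100.7 DST=192.0.2.20 PROTO=TCP SPT=40312 DPT=23
Nov  4 10:03:40 fw kernel: INPUT IN=eth1 OUT= MAC=02:00:00:00:00:10:02:00:00:00:00:01:08:00 SRC=203.0.113.99 DST=192.0.2.20 PROTO=TCP SPT=51234 DPT=445
Nov  4 10:07:05 fw kernel: INPUT IN=eth1 OUT= MAC=02:00:00:00:00:10:02:00:00:00:00:01:08:00 SRC=198.51.100.200 DST=192.0.2.20 PROTO=UDP SPT=5060 DPT=5060
"""
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         02:00:00:00:00:01     *        eth1
"""

LOG_RE = re.compile(r"MAC=((?:[0-9a-f]{2}:){13}[0-9a-f]{2})\s.*?SRC=(\S+)", re.I)

def sources_by_mac(log_text):
    """Map each source MAC to the set of source IPs logged with it."""
    seen = defaultdict(set)
    for m in LOG_RE.finditer(log_text):
        octets = m.group(1).lower().split(":")
        # MAC= is the 14-byte Ethernet header: dst (6), src (6), ethertype (2).
        seen[":".join(octets[6:12])].add(m.group(2))
    return dict(seen)

def arp_table(arp_text):
    """Map MAC -> IP from /proc/net/arp style text (header line skipped)."""
    table = {}
    for line in arp_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) >= 4:
            table[fields[3].lower()] = fields[0]
    return table

def explain(log_text, arp_text, gateway_ip):
    """Label each logged source MAC as the upstream gateway or as unknown."""
    arp = arp_table(arp_text)
    report = {}
    for mac, ips in sources_by_mac(log_text).items():
        owner = "gateway" if arp.get(mac) == gateway_ip else "unknown"
        report[mac] = (owner, len(ips))
    return report

if __name__ == "__main__":
    for mac, (owner, n) in explain(SAMPLE_LOG, SAMPLE_ARP, "192.0.2.1").items():
        print(f"{mac}: {n} distinct source IPs, neighbour is {owner}")
```

A single source MAC that carries many unrelated source IPs and matches the gateway's ARP entry is the next-hop router, so a drop rule keyed on that MAC would cut off all inbound traffic on that interface.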