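Any change will be detected as soon as it is made:
p0f: a passive fingerprinting tool that identifies the remote operating system by analyzing network traffic.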
ossim31:~# p0f
p0f - passive os fingerprinting utility, version 2.0.8
(C) M. Zalewski <lcamtuf@dione.cc>, W. Stearns <wstearns@pobox.com>
p0f: listening (SYN) on 'eth0', 262 sigs (14 generic, cksum 0F1F5CA2), rule: 'all'.
192.168.11.2:51579 - UNKNOWN [8192:64:1:52:M1460,N,W2,N,N,S:. ?]
-> 192.168.11.127:443 (link: ethernet/modem)
192.168.11.1:3538 - Linux 2.6, seldom 2.4 (older, 2) (up: 3221 hrs)
-> 192.168.11.21:21 (distance 0, link: ethernet/modem)
192.168.11.2:51586 - UNKNOWN [8192:64:1:52:M1460,N,W2,N,N,S:. ?]
-> 61.135.189.216:80 (link: ethernet/modem)
192.168.11.1:3896 - Linux 2.6, seldom 2.4 (older, 2) (up: 3221 hrs)
-> 192.168.11.248:3389 (distance 0, link: ethernet/modem)
192.168.11.2:51588 - UNKNOWN [8192:64:1:52:M1460,N,W2,N,N,S:. ?]
-> 192.229.145.200:443 (link: ethernet/modem)
192.168.11.2:51587 - UNKNOWN [8192:64:1:52:M1460,N,W2,N,N,S:. ?]
-> 192.229.145.200:443 (link: ethernet/modem)
192.168.11.2:51589 - UNKNOWN [8192:64:1:52:M1460,N,W2,N,N,S:. ?]
-> 61.240.129.78:80 (link: ethernet/modem)
... ...
Pads: a passive asset detection system whose purpose is to detect anomalies in assets, such as service anomalies.
ossim31:~#pads
pads - Passive Asset Detection System
v1.2- 06/17/05
Matt Shelton <matt@mattshelton.com>
[-] Processing Existing assets.csv
[-]Filter: (null)
Warning: Kernel filter failed: Socket operation onnon-socket
[-] Listening on interface eth0
Asset Found: Port - 443 / Host - 192.168.11.128 / Service - ssl / Application -Generic TLS 1.0 SSL
Asset Found: Port - 443 / Host - 192.168.11.127 / Service - ssl / Application -Generic TLS 1.0 SSL
Asset Found: Port - 80 / Host - 111.206.80.97 / Service - www / Application - nginx
Asset Found: IP Address - 192.168.11.5 / MAC Address - 0 0:B7:E0:99:AE (IntelCorporation)
Asset Found: Port - 80 / Host - 111.206.80.103 / Service - www / Application - nginx
Asset Found: IP Address - 192.168.11.127 / MAC Address - 0:0C:29:CA:18:10
Asset Found: Port - 80 / Host - 111.206.80.96 / Service - www / Application - nginx
Asset Found: Port - 49993 / Host - 192.168.11.1 / Service - www / Application -HTTP/1.1)
Asset Found: Port - 2869 / Host - 192.168.11.5 / Service - www / Application -Microsoft-HTTPAPI/2.0
Asset Found: Port - 80 / Host - 111.206.80.101 / Service - www / Application - nginx
Asset Found: Port - 80 / Host - 111.206.37.178 / Service - www / Application -HTTP/1.1)
Asset Found: Port - 80 / Host - 123.125.80.77 / Service - www / Application - nginx
Asset Found: Port - 80 / Host - 61.135.186.213 / Service - www / Application -HTTP/1.1)
Asset Found: Port - 80 / Host - 111.206.80.99 / Service - www / Application - nginx
Asset Found: IP Address - 192.168.11.129 / MAC Address - 0:0C:29:16:E8:82
Asset Found: Port - 443 / Host - 192.168.11.129 / Service - ssl / Application -Generic TLS 1.0 SSL
Asset Found: Port - 80 / Host - 111.206.80.102 / Service - www / Application - nginx
Once these log files have been collected and processed, they can be presented visually: http://chenguang.blog.51cto.com/350944/1703458
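An added example (not part of the original post and not PADS's own code): a small Python script that parses `Asset Found` lines in the format shown above and compares them with an earlier baseline, flagging new services, changed service banners and changed MAC addresses. The function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Line shapes as printed in the PADS console output above.
SERVICE_RE = re.compile(
    r"Asset Found:\s+Port - (\d+) / Host - (\S+) / Service - (\S+)"
    r" / Application -\s*(.*?)\s*$")
MAC_RE = re.compile(r"Asset Found:\s+IP Address - (\S+) / MAC Address - (\S+)")

def parse_assets(lines):
    """Return ({(host, port): (service, application)}, {ip: mac})."""
    services, macs = {}, {}
    for line in lines:
        m = SERVICE_RE.search(line)
        if m:
            port, host, service, app = m.groups()
            services[(host, int(port))] = (service, app)
            continue
        m = MAC_RE.search(line)
        if m:
            macs[m.group(1)] = m.group(2).upper()
    return services, macs

def diff_assets(baseline, current):
    """Compare two parse_assets() results and list what changed."""
    findings = []
    (base_svc, base_mac), (cur_svc, cur_mac) = baseline, current
    for key, value in sorted(cur_svc.items()):
        if key not in base_svc:
            findings.append(("new_service", key, value))
        elif base_svc[key] != value:
            findings.append(("changed_service", key, (base_svc[key], value)))
    for ip, mac in sorted(cur_mac.items()):
        if ip in base_mac and base_mac[ip] != mac:
            findings.append(("mac_changed", ip, (base_mac[ip], mac)))
    return findings

# Constructed sample lines, modelled on the output above (not captured data).
BASELINE = [
    "Asset Found: Port - 443 / Host - 192.168.11.127 / Service - ssl / Application -Generic TLS 1.0 SSL",
    "Asset Found: IP Address - 192.168.11.127 / MAC Address - 0:0C:29:CA:18:10",
]
CURRENT = [
    "Asset Found: Port - 443 / Host - 192.168.11.127 / Service - www / Application - nginx",
    "Asset Found: Port - 8080 / Host - 192.168.11.127 / Service - www / Application - nginx",
    "Asset Found: IP Address - 192.168.11.127 / MAC Address - 0:0C:29:16:E8:82",
]

if __name__ == "__main__":
    print(*diff_assets(parse_assets(BASELINE), parse_assets(CURRENT)), sep="\n")
```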