MAC Attack


  1. Posts : 6,618
    W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
       #1

    MAC Attack


    No, I'm not hungry, it's just that the firewall popped an alert that it had blocked an attack by something using the same MAC address of my primary rig, and since I have the wireless disabled, I can only imagine that this must have come from the internet.

    I have seen a number of attacks blocked before, but never one such as this. It is possible that this was due to the fact that I just connected a different wireless telephone, but it works on 5.8MHz, instead of 2.4MHz like my router, so that doesn't seem to be a likely source. Is it possible that someone on the internet could be trying to hack my computer by imitating the MAC? If I understand, the MAC isn't broadcast on the internet...is it?


  2. Posts : 11,990
    Windows 7 Ultimate 32 bit
       #2

    Did you look at your firewall log to see who initiated the attack?


  3. Posts : 6,618
    W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
    Thread Starter
       #3

    Not until you asked. There are so many logs in my firewall, I'm not sure which to look at, but it appears from the mac.log that this is the entry in question:

    2010/04/15 12:38:06 recv xx-xx-xx-xx-xx-xx -> ff-ff-ff-ff-ff-ff block by 00000000 ARP:block
    2010/04/15 12:38:06 recv xx-xx-xx-xx-xx-xx -> ff-ff-ff-ff-ff-ff block by 00000000 ARP:block
    The problem is that I don't know how to interpret it...do you? I probably shouldn't have pasted it, since it contains the MAC address, but I guess that I can change it.

    EDIT: I decided to x out the numbers. However, the first set I didn't recognize, the second set were from my computer.


  4. Posts : 5,056
    Windows 7 x64 pro/ Windows 7 x86 Pro/ XP SP3 x86
       #4

    MAC address spoofing is normally associated with wireless networks, with hackers using tools like Wireshark to sniff network packets. With wired networks, like yours, one needs physical connection to the machine to access network traffic and presumably that can be controlled by the owner of the network.

    Every Ethernet card is theoretically assigned a unique MAC address. But really speaking, there's nothing to guarantee such uniqueness for 2 reasons:

    1) Manufacturers may or may not ensure that they are unique.
    2) MAC addresses can be set manually in many network interfaces.

    The MAC address is used by the network to identify which piece of hardware a packet is to be sent to. So it's used only on connections from one piece of networking equipment to the next. When information leaves your computer it has your computer's MAC address, but when it leaves your router, that address is replaced by the MAC address of your router. Then when it leaves the ISP's router, it contains the MAC address of the ISP's router. So, no, the MAC address of your rigs does not travel very far.
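The mac.log entries from post #3, read in light of post #4's point that a MAC address never crosses a router: an added example, not part of the thread or the firewall's own tooling, that triages blocked ARP entries. The field layout is inferred from the two quoted lines, and the sample lines and MAC addresses are constructed.

```python
import re

# Field meanings are inferred from the two mac.log lines quoted in post #3;
# the firewall's real format specification is not on the page (assumption).
MAC = r"(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}"
LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<direction>\w+) "
    rf"(?P<src>{MAC}) -> (?P<dst>{MAC}) "
    r"(?P<action>\w+) by (?P<rule>[0-9A-Fa-f]{8}) (?P<proto>\w+):(?P<verdict>\w+)$"
)
BROADCAST = "ff-ff-ff-ff-ff-ff"


def normalize(mac):
    """Lower-case and use '-' separators so MACs compare reliably."""
    return mac.strip().lower().replace(":", "-")


def triage(lines, local_macs):
    """Return (timestamp, source MAC, finding) for each blocked ARP entry."""
    local = {normalize(m) for m in local_macs}
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["proto"] != "ARP" or m["action"] != "block":
            continue  # malformed, redacted (xx-xx-...) or not a blocked ARP frame
        src, dst = normalize(m["src"]), normalize(m["dst"])
        if m["direction"] == "recv" and src in local:
            # A received frame carrying our own MAC: a duplicate or cloned
            # address on the same LAN segment. ARP is never routed, so the
            # sender is local, not somewhere on the internet.
            finding = "own-mac-on-wire"
        elif dst == BROADCAST:
            finding = "lan-broadcast"  # ordinary ARP broadcast from a local device
        else:
            finding = "lan-unicast"    # ARP aimed at one local MAC
        findings.append((f"{m['date']} {m['time']}", src, finding))
    return findings


# Constructed sample lines using locally administered MACs (not from the thread).
SAMPLE_LOG = [
    "2010/04/15 12:38:06 recv 02-00-00-aa-bb-01 -> ff-ff-ff-ff-ff-ff block by 00000000 ARP:block",
    "2010/04/15 12:38:07 recv 02-00-00-aa-bb-02 -> ff-ff-ff-ff-ff-ff block by 00000000 ARP:block",
    "2010/04/15 12:38:08 recv xx-xx-xx-xx-xx-xx -> ff-ff-ff-ff-ff-ff block by 00000000 ARP:block",
    "2010/04/15 12:38:09 recv 02-00-00-aa-bb-03 -> 02-00-00-aa-bb-01 block by 00000000 ARP:block",
]
```

Pass the adapter's own address (for example from `ipconfig /all`) as `local_macs`; any `own-mac-on-wire` finding points at a device on the same segment, which is where to look first.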


  5. Posts : 11,990
    Windows 7 Ultimate 32 bit
       #5

    I can't interpret this one. It doesn't appear to list the source of the attack.

    222.45.112.59 Not available TCP port scan detected, packet dropped
    This lists the source and I can look it up via whois.


  6. Posts : 11,990
    Windows 7 Ultimate 32 bit
       #6

    Here is another sample from my firewall log:

    66.228.119.250 fcp01.dal01.softlayer.com UDP port scan detected, packet dropped


  7. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #7

    CarlTR6 said:
    I can't interpret this one. It doesn't appear to list the source of the attack.

    222.45.112.59 Not available TCP port scan detected, packet dropped
    This lists the source and I can look it up via whois.
    IP Information for 222.45.112.59

    IP Location: China Beijing Kunde Htech Ltd Co IP Address: 222.45.112.59


    inetnum: 222.45.0.0 - 222.45.255.255
    netname: HTECH
    descr: Kunde Htech Ltd Co
    descr: 11 Yanan Road No398,Hangzhou,Zhejiang,china
    country: CN
    admin-c: JX966-AP
    tech-c: YF484-AP
    status: ASSIGNED NON-PORTABLE
    changed: 20081215
    mnt-by: MAINT-CNNIC-AP
    mnt-routes: MAINT-CNCGROUP-RR
    source: APNIC

    route: 222.32.0.0/11
    descr: China TieTong Telecommunications Corporation
    country: CN
    origin: AS9394
    mnt-by: MAINT-CNNIC-AP
    changed: 20090908
    source: APNIC


  8. Posts : 6,618
    W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
    Thread Starter
       #8

    Bill2 said:
    MAC address spoofing is normally associated with wireless networks, with hackers using tools like Wireshark to sniff network packets. With wired networks, like yours, one needs physical connection to the machine to access network traffic and presumably that can be controlled by the owner of the network.

    Every Ethernet card is theoretically assigned a unique MAC address. But really speaking, there's nothing to guarantee such uniqueness for 2 reasons:

    1) Manufacturers may or may not ensure that they are unique.
    2) MAC addresses can be set manually in many network interfaces.

    The MAC address is used by the network to identify which piece of hardware a packet is to be sent to. So it's used only on connections from one piece of networking equipment to the next. When information leaves your computer it has your computer's MAC address, but when it leaves your router, that address is replaced by the MAC address of your router. Then when it leaves the ISP's router, it contains the MAC address of the ISP's router. So, no, the MAC address of your rigs does not travel very far.
    So, what am I to conclude? That the alert was just a fluke?


  9. Posts : 6,618
    W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
    Thread Starter
       #9

    CarlTR6 said:
    I can't interpret this one. It doesn't appear to list the source of the attack.

    222.45.112.59 Not available TCP port scan detected, packet dropped
    This lists the source and I can look it up via whois.
    That is an IP address, rather than a MAC address. I know how to track an IP, but not a MAC...can that be done?


  10. Posts : 11,990
    Windows 7 Ultimate 32 bit
       #10

    I would treat it as a fluke and closely watch for a reoccurrence. I do not know very much about MAC addresses except as they apply to my router and network.


 