- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- SANS Curricula
- Certified Instructors
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- Coins
- SANS Onsite
- SANS SelfStudy
- SANS Summit Series
- SANS Partnership Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- List of Resources
- Top 20 List
- Top 25 Programming Errors
- 20 Coolest Jobs
- Application Security Procurement Language
- Top 10 Security Trends
- Top 5 Essential Log Reports
- Reading Room
- Webcasts
- WhatWorks
- Newsletters
- RSS Feeds
- Calendar Feeds
- Security Thought Leaders
- Security Policy Project
- Security+ Study Guide
- SANS Buyers Guide
- Security Tool Demos
- 2008 Salary Survey
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Intrusion Detection FAQ: Can I use the MAC address of an Ethernet packet to trace an attacker?
If the attack originated from a system that has a direct connection to your system with no gateway in between, then you can use the MAC address. But, if a gateway is in the path, then the gateway replaces the MAC address of the sender with its own address. As a result, you can trace the attack to the gateway only. If the gateway has extensive logging enabled, you might consider searching the log file for more information.
Dirk LehmannSiemens CERT
Check Them Out!
504 was a great course to better enhance my understanding of attack methods and how to better defend my systems
-Dustin Odsa, Indiana University
- © 2000-2009 The SANS™ Institute
- Web Privacy Policy | Web Contact |
- Press Room | Trademark Usage Policy