From mboxrd@z Thu Jan  1 00:00:00 1970
From: Francisco Pereira <fpereira@lojan.com>
Date: Wed, 17 Nov 2004 02:57:13 +0000
Subject: Re: [LARTC] clone MAC address
Message-Id: <419ABE09.4040000@lojan.com>
List-Id: <lartc.vger.kernel.org>
References: <7539d99f04111518002045dad8@mail.gmail.com>
In-Reply-To: <7539d99f04111518002045dad8@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Frank Gruellich wrote:
> * Nicolas Patik <nicolas.patik@gmail.com> 16. Nov 04:
> 
>>No, I'm not talking about natting ... I'm talking about hidding my
>>computers from my ISP.
> 
> Tell me, what's the difference.  Can you give some technical description
> for this 'hiding' you are talking about?
> 
>>.. or .... are you telling me that the problem with my linux box is
>>about bad firewall rules?
> 
> No.  'Firewall rules' are a matter of layer 3, MACs and their so called
> cloning belong to layer 2.
> 
>>Right now with my linux box doing NAT they can find that I have others
>>computers connected.
> 
> Contradicting to Chris they can.  But trust me, they won't.  Finding
> hosts behind a NAT router is very difficult and involves the collection
> of huge amounts of traffic.[1]  After all, it will not work for any OSs.

It's no so dificult, at least in some cases.
p0f (passive OS fingerprint) uses a technique (that has some 
limitations) to detect masqueraded hosts, it have to sniff all the 
traffic but not collect it.
http://lcamtuf.coredump.cx/p0f.shtml

Regards,
Francisco.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/