Hi

I'm a student aiding the school's Network Administrator in carrying out unpaid pen-testing (since I'm uncertified), and this is a good chance for me to do the practical aspects of penetrations/network. Been doing research for roughly 2 months and I've gained quite a bit of insight through reading, private studying and testing internally.

Just a simple question. This is an Nmap (Decoy) question, and maybe Snort in mind.

I've been reading through how Cisco Routers have NetFlow and CEF to defend against Spoofed IP. Don't really know its effectiveness since we don't know the mechanism of NetFlow or CEF.

I've come across articles mentioning that the only way to trace back is to go to the lower layers to discover the attacker's IP/MAC. I was wondering, are there any tools online to complement/allow network administrators to look for the MAC address from which packets are originating on the network I'm performing the scan on?


Thanks