Closed gaevoc closed 2 years ago
Hey @gaevoc
That's an interesting idea, but unfortunately I can't think of a practical way to implement it. Unlike the client IP address, the client MAC address changes with each hop across the network so if an OpenCanary is plugged into a switch or router all the traffic will have the MAC address of that switch, rather than the actual client MAC address.
There are some ways to link an IP address to a MAC address such as ARP or looking at DHCP logs so there might be a way to do it, but it's not going to be easy or reliable.
Hi @HybridAU , thank you for your kind answer, I understand your point. Looks like there is nothing easy that can be done to retrieve this information, I will do without :)
Hi Opencanary team, first of all thank you for your great work, I appreciate it.
My question is about incoming connection MAC address, is there any way to include it in the logged record? This would be very useful in intrusion investigation phase
Thank you