From owner-freebsd-security Mon Mar 25 7:51:17 2002 Delivered-To: freebsd-security@freebsd.org Received: from heresy.dreamflow.nl (heresy.dreamflow.nl [62.58.36.22]) by hub.freebsd.org (Postfix) with SMTP id CCB7A37B404 for ; Mon, 25 Mar 2002 07:51:11 -0800 (PST) Received: (qmail 42712 invoked by uid 1000); 25 Mar 2002 15:53:11 -0000 Date: Mon, 25 Mar 2002 16:53:11 +0100 From: Bart Matthaei To: krzysztof Strzelczyk Cc: freebsd-security@freebsd.org Subject: Re: Kernel error?? Hacked?? Bad NIC?? Message-ID: <20020325165311.D32155@heresy.dreamflow.nl> References: <20020325153207.66991.qmail@web14804.mail.yahoo.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="gKMricLos+KVdGMg" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020325153207.66991.qmail@web14804.mail.yahoo.com>; from cs052279@yahoo.com on Mon, Mar 25, 2002 at 07:32:07AM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --gKMricLos+KVdGMg Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable > I can send and receive ping requests from this > interface however I can only ping the .15 alias. The > .11 ip address and the .4 alias return 'sendto: host > down'. Is this a sign of a NIC going bad?? Neh. Probably a routing table problem. Show us a ifconfig -a + netstat -nr. > Here is that latest actively in my logs that I can not > explain: >=20 > >opensocket_f: bind ([xxx.xxx.xxx.11]): can't assign > requested address. Just an application thats trying to open a port thats already in use. Your syslog should show what program is barfing on this. > >Using kernel phase-lock loop 2040 > >Using kernel phase-lock loop 2041 >=20 > >Kernel pll status change 2040 > >Kernel pll status change 2041 Isn't this spewed out by ntpd ? > It almost smells like someone has hacked this box and > disabled ping to the IPs he wants to use for his > purposes. How could I best check on this? Is there a > way to disable ping to certain IP addresses on a NIC.=20 > IPF is not loaded on this box. If you want our opinion on syslog messages, it's wise to show us entire lines instead of fragments. This way we can see what program is trying to tell you something. Your box is probably fine. Get some coffee and relax ;) (although paranoia can be a good thing, don't overdo it). Regards, Bart --=20 Bart Matthaei bart@dreamflow.nl=20 Eat drink and be merry, for tomorrow they may make it illegal. --gKMricLos+KVdGMg Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8n0fngcc6pR+tCegRAoyAAJ4upJxp0lSyZk4HLIi4ii97YuE3HQCgm+Vn xZP/mdWj7vrSA6EPzJIMWgs= =zj6o -----END PGP SIGNATURE----- --gKMricLos+KVdGMg-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message