Date: Wed, 10 Feb 2010 22:40:24 -0500 (EST) From: James Smallacombe <up@3.am> To: freebsd-questions@freebsd.org Subject: Mac address changed ?? Message-ID: <alpine.BSF.2.00.1002102226470.19792@mail.pil.net>
next in thread | raw e-mail | index | archive | help
This freaked me out a bit, so I'm just running it past the list to make sure this is just a hardware issue...I've never seen it before. My dedicated server provider replaced my defective server that had been up for 6 months after it had apparent failures of a NIC and hard drives. It had also recently been the victim of the Zen Cart exploits (I posted about this not long ago). Tonight I lost connectivity to it, got in via KVM/IP and saw this in the syslog: Feb 10 20:42:51 mail kernel: arp: 209.17.170.1 moved from 00:17:e0:4f:b9:c0 to 00:13:e0:4f:b9:c0 on re0 My first reaction was that somebody else on the LAN had used my IP address, which would have explained the connectivity issues. However, the IP couldn't be pinged and I also noticed that only one number in the address had changed...the odds of somebody else having it were long. ifconfig showed the I/F down, no carrier. I rebooted and then it came up with yet a third MAC address, 00:14:d1:3c:1e:31 Not really even close. Still no carrier. Provider swaps out the Realtek NIC for a new one and it's working (for now). Questions that come to mind: could their be a DoS perhaps from a bot or c99shell I didn't find? Even if their was, would it be possible for the "www" user, with no priveleges to even cause this kind of problem? I had disabled suhosin after customers patched their Zen Carts, because it interfered with it. Or...could this be a bug in the re0 driver? It's just weird. James Smallacombe PlantageNet, Inc. CEO and Janitor up@3.am http://3.am =========================================================================
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1002102226470.19792>