From owner-freebsd-security Mon Mar 25 7:53: 9 2002 Delivered-To: freebsd-security@freebsd.org Received: from gamma.star.spb.ru (gamma.star.spb.ru [217.195.79.1]) by hub.freebsd.org (Postfix) with ESMTP id 0230837B404 for ; Mon, 25 Mar 2002 07:53:02 -0800 (PST) Received: from green.star.spb.ru (green.star.spb.ru [217.195.79.10]) by gamma.star.spb.ru (8.9.3/8.9.3) with ESMTP id SAA72150; Mon, 25 Mar 2002 18:52:49 +0300 (MSK) Received: from IBMKA.star.spb.ru (217.195.79.241 [217.195.79.241]) by green.star.spb.ru with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id GY0AJCNX; Mon, 25 Mar 2002 18:52:38 +0300 Date: Mon, 25 Mar 2002 18:52:43 +0300 From: "Nickolay A. Kritsky" X-Mailer: The Bat! (v1.49) Personal Reply-To: "Nickolay A.Kritsky" X-Priority: 3 (Normal) Message-ID: <7131186123.20020325185243@internethelp.ru> To: krzysztof Strzelczyk Cc: freebsd-security@freebsd.org Subject: Re: Kernel error?? Hacked?? Bad NIC?? In-reply-To: <20020325153207.66991.qmail@web14804.mail.yahoo.com> References: <20020325153207.66991.qmail@web14804.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello krzysztof, Monday, March 25, 2002, 6:32:07 PM, you wrote: kS> Hello, kS> I'm getting some weird actively from my primary kS> DNS server. I have two aliases to one NIC that box as kS> it also acts as a non-anonymous ftp server. kS> Interface fxp0 kS> IP is xxx.xxx.xxx.11 kS> alias0 is xxx.xxx.xxx.4 kS> alias1 is xxx.xxx.xxx.15 kS> I can send and receive ping requests from this kS> interface however I can only ping the .15 alias. The kS> .11 ip address and the .4 alias return 'sendto: host kS> down'. Is this a sign of a NIC going bad?? Do you have any packet-filtering software on this box? If yes, what your ruleset looks like? Do you perform pings from that very machine, or from machine in local segment, or from machine behind the router(s)? kS> Here is that latest actively in my logs that I can not kS> explain: >>opensocket_f: bind ([xxx.xxx.xxx.11]): can't assign kS> requested address. Which process is complaining? >>Using kernel phase-lock loop 2040 >>Using kernel phase-lock loop 2041 >>Kernel pll status change 2040 >>Kernel pll status change 2041 kS> It almost smells like someone has hacked this box and kS> disabled ping to the IPs he wants to use for his kS> purposes. How could I best check on this? Is there a kS> way to disable ping to certain IP addresses on a NIC. kS> IPF is not loaded on this box. kS> Thanks for any help kS> -chris ;------------------------------------------- ; NKritsky ; mailto:nkritsky@internethelp.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message