From owner-freebsd-security@FreeBSD.ORG Sun Jan 18 11:19:24 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E1FCC16A4CE; Sun, 18 Jan 2004 11:19:24 -0800 (PST) Received: from vulcan.blacksburg.net (vulcan.blacksburg.net [66.208.157.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2277243D1F; Sun, 18 Jan 2004 11:19:21 -0800 (PST) (envelope-from mlevans@blacksburg.net) X-Envelope-From: mlevans@blacksburg.net Received: from p0ts1.blacksburg.net (pluto.blacksburg.net [66.208.157.5]) i0IJJJDW018829; Sun, 18 Jan 2004 14:19:20 -0500 (EST) (envelope-from mlevans@blacksburg.net) Message-Id: <5.1.0.14.0.20040118141604.07e86c80@pop.blacksburg.net> X-Sender: mlevans@pop.blacksburg.net X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Sun, 18 Jan 2004 14:19:17 -0500 To: freebsd-security@freebsd.org From: Lyle Evans Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed cc: freebsd-questions@freebsd.org Subject: Re: arp problem in /var/log/messages X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Jan 2004 19:19:25 -0000 At 07:14 AM 01/18/04, you wrote: >hi all, i got flooded by these msgs like 1000+ lines, any idea? >my kernel is dated Nov-30 FreeBSD 4.9-stable > ># tail -f /var/log/messages >Jan 18 19:43:23 xb /kernel: arp: 202.79.180.1 moved from 00:04:5a:49:eb:74 >to 00:50:0f:4f:c0:00 on rl0 >Jan 18 19:45:06 xb /kernel: arp: 202.79.180.1 moved from 00:50:0f:4f:c0:00 >to 00:04:5a:49:eb:74 on rl0 >Jan 18 19:45:18 xb /kernel: arp: 202.79.180.1 moved from 00:04:5a:49:eb:74 >to 00:50:0f:4f:c0:00 on rl0 >Jan 18 19:45:41 xb /kernel: arp: 202.79.180.1 moved from 00:50:0f:4f:c0:00 >to 00:04:5a:49:eb:74 on rl0 >Jan 18 19:45:45 xb /kernel: arp: 202.79.180.1 moved from 00:04:5a:49:eb:74 >to 00:50:0f:4f:c0:00 on rl You have a Linksys and Cisco device fighting over a IP address either they both think they own the address or one or maybe both are proxy arping for the address. The fields 00:04:5a:49:eb:74 & 00:50:0f:4f:c0:00 are the ethernet address of the Linksys and Cisco devices respectively. Regards, Lyle Evans evansl@rackears.com rackmount brackets for many networking and ISP equipment chassises http://www.rackears.com