From owner-freebsd-questions Tue Jan 23 23:42:49 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id E9CAC37B400 for ; Tue, 23 Jan 2001 23:42:32 -0800 (PST) Received: from rfx-216-196-73-168.users.reflexcom.com ([216.196.73.168]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Tue, 23 Jan 2001 23:40:45 -0800 Received: (from cjc@localhost) by rfx-216-196-73-168.users.reflexcom.com (8.11.1/8.11.1) id f0O7gWL46488; Tue, 23 Jan 2001 23:42:32 -0800 (PST) (envelope-from cjc) Date: Tue, 23 Jan 2001 23:42:32 -0800 From: "Crist J. Clark" To: Kondie Cc: FreeBSD-Questions@FreeBSD.ORG Subject: Re: Kernel log messages Message-ID: <20010123234232.A10761@rfx-216-196-73-168.users.reflex> Reply-To: cjclark@alum.mit.edu References: <4.3.2.7.0.20010124085704.00d41bd0@pop3.malawi.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <4.3.2.7.0.20010124085704.00d41bd0@pop3.malawi.net>; from kondwani@malawi.net on Wed, Jan 24, 2001 at 09:04:54AM +0200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Wed, Jan 24, 2001 at 09:04:54AM +0200, Kondie wrote: > Hie, > > I keep lines like these in my security check output. > > mwax kernel log messages: > > arp: 208.148.168.47 moved from 00:c0:7b:6d:68:10 to 00:c0:7b:6c:dd:aa > > arp: 208.148.168.45 moved from 00:c0:7b:6c:dd:aa to 00:c0:7b:6d:68:10 > > arp: 208.148.168.60 moved from 00:c0:7b:6c:dd:aa to 00:c0:7b:6d:68:10 > > Can someone please explain to me what they mean, whether they are or > signify a problem and how I can get rid of them. It means that the MAC address associated with the given IP has changed from one value to the other. This generally indicates that the IP address has moved from one physical machine (for PCs, a MAC typically associates to the NIC not the PC itself) to another. This is logged since it may be a security issue. Someone might be IP spoofing. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message