From owner-freebsd-security Mon Mar 25 8: 2:21 2002 Delivered-To: freebsd-security@freebsd.org Received: from web14806.mail.yahoo.com (web14806.mail.yahoo.com [216.136.224.222]) by hub.freebsd.org (Postfix) with SMTP id 5B35F37B419 for ; Mon, 25 Mar 2002 08:02:07 -0800 (PST) Message-ID: <20020325160207.47002.qmail@web14806.mail.yahoo.com> Received: from [198.88.119.219] by web14806.mail.yahoo.com via HTTP; Mon, 25 Mar 2002 08:02:07 PST Date: Mon, 25 Mar 2002 08:02:07 -0800 (PST) From: krzysztof Strzelczyk Subject: Re: Kernel error?? Hacked?? Bad NIC?? To: "Nickolay A.Kritsky" Cc: freebsd-security@freebsd.org In-Reply-To: <7131186123.20020325185243@internethelp.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org No, no packet filtering. I can preform ping from this machine. ntpd is complaining about the kernel phase-lock. Thanks -chris --- "Nickolay A. Kritsky" wrote: > Hello krzysztof, > > Monday, March 25, 2002, 6:32:07 PM, you wrote: > > kS> Hello, > > kS> I'm getting some weird actively from my > primary > kS> DNS server. I have two aliases to one NIC that > box as > kS> it also acts as a non-anonymous ftp server. > > kS> Interface fxp0 > kS> IP is xxx.xxx.xxx.11 > kS> alias0 is xxx.xxx.xxx.4 > kS> alias1 is xxx.xxx.xxx.15 > > kS> I can send and receive ping requests from this > kS> interface however I can only ping the .15 alias. > The > kS> .11 ip address and the .4 alias return 'sendto: > host > kS> down'. Is this a sign of a NIC going bad?? > > Do you have any packet-filtering software on this > box? If yes, what > your ruleset looks like? > Do you perform pings from that very machine, or from > machine in local > segment, or from machine behind the router(s)? > > kS> Here is that latest actively in my logs that I > can not > kS> explain: > > >>opensocket_f: bind ([xxx.xxx.xxx.11]): can't > assign > kS> requested address. > > Which process is complaining? > > >>Using kernel phase-lock loop 2040 > >>Using kernel phase-lock loop 2041 > > >>Kernel pll status change 2040 > >>Kernel pll status change 2041 > > kS> It almost smells like someone has hacked this > box and > kS> disabled ping to the IPs he wants to use for his > kS> purposes. How could I best check on this? Is > there a > kS> way to disable ping to certain IP addresses on a > NIC. > kS> IPF is not loaded on this box. > > kS> Thanks for any help > kS> -chris > > > ;------------------------------------------- > ; NKritsky > ; mailto:nkritsky@internethelp.ru > > __________________________________________________ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards® http://movies.yahoo.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message