Date: Thu, 18 Jul 2002 11:53:58 -0600 From: "Jim Laurenson" <j.laurenson@epicmail.ca> To: "Craig Miller" <craig@millerfam.net>, "freebsd-security" <freebsd-security@freebsd.org> Subject: RE: wierdness in my security report Message-ID: <LJEFLBLMLGPNAJOOKOHLGEJLCDAA.j.laurenson@epicmail.ca> In-Reply-To: <006301c22e83$2b3d5b30$fe01a8c0@Desktop>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] I have found the same logs on one of my older builds (4.3 I think). The offending MAC address was found to be a Cisco router on my ISP's network. I found no solution for it though. Jim Laurenson -----Original Message----- From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Craig Miller Sent: July 18, 2002 11:47 AM To: freebsd-security Subject: wierdness in my security report Anyone have any ideas as to what might be causing the following to appear in my security report? arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0 > Jul 17 05:47:56 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0 > arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0 > Jul 17 05:47:57 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0 I thought those : delimited fields would be MAC addresses, but they don't match the MAC addresses of either of the two cards in my free-bsd box. I have not checked the MAC addresses of the other network cards on my network. Also, where does the "server /kernel" name come from. "kernel" is not the name I gave my kernel, so I am suspicious. Thanks, --Craig [-- Attachment #2 --] <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=Content-Type content="text/html; charset=iso-8859-1"> <META content="MSHTML 6.00.2713.1100" name=GENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=#ffffff> <DIV><FONT face=Tahoma color=#0000ff size=2><SPAN class=055135217-18072002>I have found the same logs on one of my older builds (4.3 I think). The offending MAC address was found to be a Cisco router on my ISP's network. I found no solution for it though.</SPAN></FONT></DIV> <DIV><FONT face=Tahoma size=2></FONT> </DIV> <DIV><FONT face=Tahoma size=2>Jim Laurenson</FONT></DIV> <BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px"> <DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma size=2>-----Original Message-----<BR><B>From:</B> owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]<B>On Behalf Of </B>Craig Miller<BR><B>Sent:</B> July 18, 2002 11:47 AM<BR><B>To:</B> freebsd-security<BR><B>Subject:</B> wierdness in my security report<BR><BR></FONT></DIV> <DIV><FONT face=Arial size=2>Anyone have any ideas as to what might be causing the following to appear in my security report?</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV> arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0<BR>> Jul 17 05:47:56 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0<BR>> arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0<BR>> Jul 17 05:47:57 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0<BR></DIV> <DIV><FONT face=Arial size=2>I thought those : delimited fields would be MAC addresses, but they don't match the MAC addresses of either of the two cards in my free-bsd box. I have not checked the MAC addresses of the other network cards on my network.</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2>Also, where does the "server /kernel" name come from. "kernel" is not the name I gave my kernel, so I am suspicious.</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2>Thanks,</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2>--Craig</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV></BLOCKQUOTE></BODY></HTML>help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?LJEFLBLMLGPNAJOOKOHLGEJLCDAA.j.laurenson>