Date: Thu, 18 Jul 2002 13:13:46 -0500 From: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz> To: "Jim Laurenson" <j.laurenson@epicmail.ca>, "Craig Miller" <craig@millerfam.net>, "freebsd-security" <freebsd-security@FreeBSD.ORG> Subject: Re: wierdness in my security report Message-ID: <027101c22e86$dc4fae20$95e2910c@fbccarthage.com> References: <LJEFLBLMLGPNAJOOKOHLGEJLCDAA.j.laurenson@epicmail.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
Somebody, somewhere, changed something that changed a route your kernel had established. How many machines in your LAN? What are the chances one has a new NIC? KDK ----- Original Message ----- From: Jim Laurenson To: Craig Miller ; freebsd-security Sent: Thursday, July 18, 2002 12:53 PM Subject: RE: wierdness in my security report I have found the same logs on one of my older builds (4.3 I think). The offending MAC address was found to be a Cisco router on my ISP's network. I found no solution for it though. Jim Laurenson -----Original Message----- From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Craig Miller Sent: July 18, 2002 11:47 AM To: freebsd-security Subject: wierdness in my security report Anyone have any ideas as to what might be causing the following to appear in my security report? arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0 > Jul 17 05:47:56 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0 > arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0 > Jul 17 05:47:57 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0 I thought those : delimited fields would be MAC addresses, but they don't match the MAC addresses of either of the two cards in my free-bsd box. I have not checked the MAC addresses of the other network cards on my network. Also, where does the "server /kernel" name come from. "kernel" is not the name I gave my kernel, so I am suspicious. Thanks, --Craig To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?027101c22e86$dc4fae20$95e2910c>