Date: Thu, 18 Jul 2002 12:30:05 -0600 From: "El Error del Milenio" <elerrordlmilenio@hotmail.com> To: "Craig Miller" <craig@millerfam.net>, "freebsd-security" <freebsd-security@freebsd.org> Subject: Re: wierdness in my security report Message-ID: <OE21SfmC4QMJ80DI0Rr00001aa0@hotmail.com> References: <006301c22e83$2b3d5b30$fe01a8c0@Desktop>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. ------=_NextPart_000_005C_01C22E56.D8C8D220 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I'm also having: > arp: 10.0.0.147 moved from 00:e0:7d:a9:c8:3c to 00:b0:d0:a5:4d:e0 on = rl0 > Jul 1 15:29:26 bella /kernel: arp: 10.0.0.147 moved from = 00:e0:7d:a9:c8:3c to 00:b0:d0:a5:4d:e0 on rl0 I thought it was because of dhcp addresses changing, but now I am in = doubt, since my kernel is not named "kernel" either. ----- Original Message -----=20 From: Craig Miller=20 To: freebsd-security=20 Sent: Thursday, July 18, 2002 11:47 AM Subject: wierdness in my security report Anyone have any ideas as to what might be causing the following to = appear in my security report? arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 = on dc0 > Jul 17 05:47:56 server /kernel: arp: 12.236.220.1 moved from = 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0 > arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 = on dc0 > Jul 17 05:47:57 server /kernel: arp: 12.236.220.1 moved from = 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0 I thought those : delimited fields would be MAC addresses, but they = don't match the MAC addresses of either of the two cards in my free-bsd = box. I have not checked the MAC addresses of the other network cards on = my network. Also, where does the "server /kernel" name come from. "kernel" is not = the name I gave my kernel, so I am suspicious. Thanks, --Craig ------=_NextPart_000_005C_01C22E56.D8C8D220 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 5.50.4807.2300" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT face=3DArial size=3D2>I'm also having:</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV>> arp: 10.0.0.147 moved from 00:e0:7d:a9:c8:3c to = 00:b0:d0:a5:4d:e0 on=20 rl0<BR>> Jul 1 15:29:26 bella /kernel: arp: 10.0.0.147 moved = from=20 00:e0:7d:a9:c8:3c to 00:b0:d0:a5:4d:e0 on rl0<BR></DIV> <DIV><FONT face=3DArial size=3D2><SPAN lang=3DEN-US=20 style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial; mso-fareast-font-family: = 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: ES; = mso-bidi-language: AR-SA">I=20 thought it was because of dhcp addresses changing, but now I am in = doubt, since=20 my kernel is not named "kernel" either.</SPAN></FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <BLOCKQUOTE dir=3Dltr=20 style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; = BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px"> <DIV style=3D"FONT: 10pt arial">----- Original Message ----- </DIV> <DIV=20 style=3D"BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: = black"><B>From:</B>=20 <A title=3Dcraig@millerfam.net = href=3D"mailto:craig@millerfam.net">Craig=20 Miller</A> </DIV> <DIV style=3D"FONT: 10pt arial"><B>To:</B> <A = title=3Dfreebsd-security@freebsd.org=20 href=3D"mailto:freebsd-security@freebsd.org">freebsd-security</A> = </DIV> <DIV style=3D"FONT: 10pt arial"><B>Sent:</B> Thursday, July 18, 2002 = 11:47=20 AM</DIV> <DIV style=3D"FONT: 10pt arial"><B>Subject:</B> wierdness in my = security=20 report</DIV> <DIV><BR></DIV> <DIV><FONT face=3DArial size=3D2>Anyone have any ideas as to what = might be causing=20 the following to appear in my security report?</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV> arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to = 00:b0:64:b7:6f:a8=20 on dc0<BR>> Jul 17 05:47:56 server /kernel: arp: 12.236.220.1 moved = from=20 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0<BR>> arp: = 12.236.220.1 moved=20 from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0<BR>> Jul 17 = 05:47:57=20 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to=20 00:b0:64:b7:6f:54 on dc0<BR></DIV> <DIV><FONT face=3DArial size=3D2>I thought those : delimited fields = would be MAC=20 addresses, but they don't match the MAC addresses of either of the two = cards=20 in my free-bsd box. I have not checked the MAC addresses of the = other=20 network cards on my network.</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>Also, where does the "server /kernel" = name come=20 from. "kernel" is not the name I gave my kernel, so I am=20 suspicious.</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>Thanks,</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>--Craig</FONT></DIV> <DIV><FONT face=3DArial = size=3D2></FONT> </DIV></BLOCKQUOTE></BODY></HTML> ------=_NextPart_000_005C_01C22E56.D8C8D220-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?OE21SfmC4QMJ80DI0Rr00001aa0>