Date: Thu, 18 Jul 2002 12:30:05 -0600 From: "El Error del Milenio" <elerrordlmilenio@hotmail.com> To: "Craig Miller" <craig@millerfam.net>, "freebsd-security" <freebsd-security@freebsd.org> Subject: Re: wierdness in my security report Message-ID: <OE21SfmC4QMJ80DI0Rr00001aa0@hotmail.com> References: <006301c22e83$2b3d5b30$fe01a8c0@Desktop>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] I'm also having: > arp: 10.0.0.147 moved from 00:e0:7d:a9:c8:3c to 00:b0:d0:a5:4d:e0 on rl0 > Jul 1 15:29:26 bella /kernel: arp: 10.0.0.147 moved from 00:e0:7d:a9:c8:3c to 00:b0:d0:a5:4d:e0 on rl0 I thought it was because of dhcp addresses changing, but now I am in doubt, since my kernel is not named "kernel" either. ----- Original Message ----- From: Craig Miller To: freebsd-security Sent: Thursday, July 18, 2002 11:47 AM Subject: wierdness in my security report Anyone have any ideas as to what might be causing the following to appear in my security report? arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0 > Jul 17 05:47:56 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0 > arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0 > Jul 17 05:47:57 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0 I thought those : delimited fields would be MAC addresses, but they don't match the MAC addresses of either of the two cards in my free-bsd box. I have not checked the MAC addresses of the other network cards on my network. Also, where does the "server /kernel" name come from. "kernel" is not the name I gave my kernel, so I am suspicious. Thanks, --Craig [-- Attachment #2 --] <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=Content-Type content="text/html; charset=iso-8859-1"> <META content="MSHTML 5.50.4807.2300" name=GENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=#ffffff> <DIV><FONT face=Arial size=2>I'm also having:</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV>> arp: 10.0.0.147 moved from 00:e0:7d:a9:c8:3c to 00:b0:d0:a5:4d:e0 on rl0<BR>> Jul 1 15:29:26 bella /kernel: arp: 10.0.0.147 moved from 00:e0:7d:a9:c8:3c to 00:b0:d0:a5:4d:e0 on rl0<BR></DIV> <DIV><FONT face=Arial size=2><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: ES; mso-bidi-language: AR-SA">I thought it was because of dhcp addresses changing, but now I am in doubt, since my kernel is not named "kernel" either.</SPAN></FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <BLOCKQUOTE dir=ltr style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px"> <DIV style="FONT: 10pt arial">----- Original Message ----- </DIV> <DIV style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B> <A title=craig@millerfam.net href="mailto:craig@millerfam.net">Craig Miller</A> </DIV> <DIV style="FONT: 10pt arial"><B>To:</B> <A title=freebsd-security@freebsd.org href="mailto:freebsd-security@freebsd.org">freebsd-security</A> </DIV> <DIV style="FONT: 10pt arial"><B>Sent:</B> Thursday, July 18, 2002 11:47 AM</DIV> <DIV style="FONT: 10pt arial"><B>Subject:</B> wierdness in my security report</DIV> <DIV><BR></DIV> <DIV><FONT face=Arial size=2>Anyone have any ideas as to what might be causing the following to appear in my security report?</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV> arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0<BR>> Jul 17 05:47:56 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0<BR>> arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0<BR>> Jul 17 05:47:57 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0<BR></DIV> <DIV><FONT face=Arial size=2>I thought those : delimited fields would be MAC addresses, but they don't match the MAC addresses of either of the two cards in my free-bsd box. I have not checked the MAC addresses of the other network cards on my network.</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2>Also, where does the "server /kernel" name come from. "kernel" is not the name I gave my kernel, so I am suspicious.</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2>Thanks,</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2>--Craig</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV></BLOCKQUOTE></BODY></HTML>help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?OE21SfmC4QMJ80DI0Rr00001aa0>