Date: Fri, 11 Jan 2002 09:11:22 -0600
From: Ronald Clark <rclark@swbanktx.com>
To: 'Tom Kersten' <tomkersten98@yahoo.com>, freebsd-questions@freebsd.org
Subject: RE: have i been hacked??????
Message-ID: <E1497354C15DD4119A5500204840E205036290F9@swbtexch2.swbanktx.com>

Thomas,

I do not know if you have had any replies to this, but you can try to load ethereal in the ports collection. Then go into X and set it to capture some packets for a short time. Then you might be able to see what these arp packets are and begin to investigate why your system is doing this. Just my $.02 worth. Good luck.

=--=--=--=--=--=--=--=--=--=--=--=--=
Thank you,
Ron Clark

-----Original Message-----
From: Tom Kersten [mailto:tomkersten98@yahoo.com]
Sent: Friday, January 11, 2002 12:11 AM
To: freebsd-questions@freebsd.org
Subject: have i been hacked??????

Hello,

When using the console (instead of xfree86's gui), today I started getting the following error to pop up every once in a while:

Jan 10 18:20:41 tucson1 kernel: arplookup 24.1.240.41 failed: host is not on local network

I have no idea what that ip address is and when I tried to do a "man arplookup" to read into the problem a little, I had zero luck. When looking on google, all I can come up with for common errors leading to this is that people have made a mistake in setting their netmask for their subnet.

In my ipf.rules file (not ipfw), whenever I refer to my personal IP (which is static)...I have xxx.xxx.xxx/32. From my understanding, this should be correct. Also, I do not have a rule relating to this IP address. I am not sure what is going on. I have attached my ipf.rules file if you are interested, if you need anything else let me know. Has my setup been hacked or is this something else I have managed to screw up? Any tips are appreciated....

TIA,
Thomas Kersten

p.s.-also...any tips on making my rules better for a web/ftp server are welcome also.....:) !!!!!!!!
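
Added example, not part of the original messages: a Python triage script for the kernel message quoted above. It counts the addresses named in "arplookup ... failed: host is not on local network" lines and checks each against the interface's address and netmask, the misconfiguration Tom mentions finding on Google. The interface address 24.1.241.10/24 and every log line except the first are constructed sample values.

```python
import ipaddress
import re
from collections import Counter

# Matches the FreeBSD kernel message quoted in the thread.
ARPLOOKUP_RE = re.compile(
    r"kernel: arplookup (\d{1,3}(?:\.\d{1,3}){3}) failed: "
    r"host is not on local network"
)

# Constructed sample log: the first line is the one quoted in the message,
# the others are made up for illustration.
SAMPLE_LOG = """\
Jan 10 18:20:41 tucson1 kernel: arplookup 24.1.240.41 failed: host is not on local network
Jan 10 18:24:02 tucson1 kernel: arplookup 24.1.240.41 failed: host is not on local network
Jan 10 18:25:17 tucson1 kernel: arplookup 10.0.0.5 failed: host is not on local network
Jan 10 18:26:00 tucson1 sshd[212]: unrelated line
""".splitlines()

def count_failures(lines):
    """Count arplookup failures per IPv4 address; skip malformed addresses."""
    hits = Counter()
    for line in lines:
        m = ARPLOOKUP_RE.search(line)
        if not m:
            continue
        try:
            hits[ipaddress.IPv4Address(m.group(1))] += 1
        except ipaddress.AddressValueError:
            pass  # e.g. "999.1.1.1" matches the regex but is not an address
    return hits

def classify(addr, interfaces):
    """Return ("on-link", prefixlen) if addr is inside a configured network,
    else ("off-link", n) where /n is the longest prefix that would put addr
    on the same network as one of the interface addresses."""
    ifaces = [ipaddress.IPv4Interface(i) for i in interfaces]
    for iface in ifaces:
        if addr in iface.network:
            return ("on-link", iface.network.prefixlen)
    needed = max(32 - (int(addr) ^ int(i.ip)).bit_length() for i in ifaces)
    return ("off-link", needed)

if __name__ == "__main__":
    local = ["24.1.241.10/24"]  # hypothetical address/netmask from ifconfig
    for addr, n in count_failures(SAMPLE_LOG).most_common():
        print(addr, n, classify(addr, local))
```

An "off-link" result whose prefix is only a bit or two shorter than the configured mask is the pattern a netmask mistake produces; a very short prefix (such as /3 for 10.0.0.5 here) means the address is simply foreign to the segment, and a packet capture of the ARP traffic, as Ron suggests, is the next step.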