From: Ronald Clark
To: 'Tom Kersten', freebsd-questions@freebsd.org
Subject: RE: have i been hacked??????
Date: Fri, 11 Jan 2002 09:11:22 -0600
Sender: owner-freebsd-questions@FreeBSD.ORG

CONFIDENTIALITY NOTICE:

************************************************************************

The information contained in this ELECTRONIC MAIL transmission
is confidential. It may also be privileged work product or proprietary
information. This information is intended for the exclusive use of the
addressee(s). If you are not the intended recipient, you are hereby
notified that any use, disclosure, dissemination, distribution [other
than to the addressee(s)], copying or taking of any action because
of this information is strictly prohibited.

************************************************************************

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thomas,

  I do not know if you have had any replies to this, but you can try
to load ethereal in the ports collection. Then go into X and set it
to capture some packets for a short time. Then you might be able to
see what these arp packets are and begin to investigate why your
system is doing this. Just my $.02 worth. Good luck.

=--=--=--=--=--=--=--=--=--=--=--=--=
Thank you,
Ron Clark

- -----Original Message-----
From: Tom Kersten [mailto:tomkersten98@yahoo.com]
Sent: Friday, January 11, 2002 12:11 AM
To: freebsd-questions@freebsd.org
Subject: have i been hacked??????

Hello,

When using the console (instead of XFree86's GUI),
today I started getting the following error to pop up
every once in a while:

Jan 10 18:20:41 tucson1 kernel: arplookup 24.1.240.41 failed: host is not on local network

I have no idea what that IP address is and when I
tried to do a "man arplookup" to read into the problem
a little, I had zero luck. When looking on Google, all
I can come up with for common errors leading to this
is that people have made a mistake in setting their
netmask for their subnet. In my ipf.rules file (not
ipfw), whenever I refer to my personal IP (which is
static)...I have xxx.xxx.xxx/32. From my
understanding, this should be correct. Also, I do not
have a rule relating to this IP address. I am not sure
what is going on. I have attached my ipf.rules file if
you are interested, if you need anything else let me
know. Has my setup been hacked or is this something
else I have managed to screw up? Any tips are
appreciated....

TIA,

Thomas Kersten

p.s.-also...any tips on making my rules better for a
web/ftp server are welcome also.....:)  !!!!!!!!

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPD8AmkSpEYIqgLQzEQIKtwCcC7DxoHA2/EjGbgScrERwNxIHOkAAn3kt
elUFiLqm/JELnfx7sN6hxNrt
=OxeC
-----END PGP SIGNATURE-----
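A triage helper for the kernel message quoted in the thread, added here as an example and not part of either poster's message. It tallies the addresses named in `arplookup ... failed` lines and tests each against the networks the host is directly attached to, which is the netmask check the original question raises. The function name, the attached network `192.0.2.10/24` and every log line except the first are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Matches the kernel message format quoted in the thread.
ARPLOOKUP_RE = re.compile(
    r"kernel: arplookup (\d{1,3}(?:\.\d{1,3}){3}) failed: "
    r"host is not on local network"
)

def triage(log_lines, attached_networks):
    """Count arplookup failures per address and report whether each
    address lies inside any network the operator believes is attached."""
    nets = [ipaddress.ip_network(n, strict=False) for n in attached_networks]
    counts = Counter()
    for line in log_lines:
        m = ARPLOOKUP_RE.search(line)
        if not m:
            continue  # unrelated log line
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # digits matched but not a valid IPv4 address
    report = []
    for addr, n in sorted(counts.items()):
        inside = [str(net) for net in nets if addr in net]
        report.append({
            "address": str(addr),
            "count": n,
            # True here contradicts the kernel's view: re-check the netmask
            # actually configured on the interface.
            "on_attached_network": bool(inside),
            "matching_networks": inside,
        })
    return report

# First line is the message from the thread; the rest are constructed.
SAMPLE_LOG = [
    "Jan 10 18:20:41 tucson1 kernel: arplookup 24.1.240.41 failed: host is not on local network",
    "Jan 10 18:31:07 tucson1 kernel: arplookup 24.1.240.41 failed: host is not on local network",
    "Jan 10 18:42:19 tucson1 kernel: arplookup 192.0.2.77 failed: host is not on local network",
    "Jan 10 18:45:00 tucson1 kernel: unrelated constructed line",
]
ATTACHED = ["192.0.2.10/24"]  # hypothetical interface address/prefix

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, ATTACHED):
        print(row)
```

An address reported outside every attached network agrees with the kernel message, and a packet capture as suggested in the reply is the way to see which station is sending the ARP traffic that names it.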