Date: Sat, 12 Oct 2002 22:51:55 -0700
From: "Alex Pavlovic" <alex.pavlovic@corp-x.com>
To: "FreeBSD Security" <freebsd-security@FreeBSD.ORG>
Subject: RE: Kernel log message
Message-ID: <OIEDKPDGGBLHDIKAKDABAEALCAAA.alex.pavlovic@corp-x.com>
In-Reply-To: <ODEMJJBMDNGMFJHKBCMFGEGHEAAA.ww@austin.rr.com>

Hi,

There is always a possibility of someone or something performing ARP
manipulation in order to redirect the LAN traffic. Some common techniques
that come to mind are: MAC spoofing, which is efficient against CAM tables
found in switches (if you are running a switched network), and ARP spoofing /
cache poisoning, which might apply to you.

Attacks that can be performed with these range from sniffing to proxying,
MiM, DoS to escaping firewalls. Recently, for example, certain data has been
published about interception of SSL traffic and attack against Microsoft IE
certificates.

--
Alex Pavlovic
Founder and CTO
Corp-X Solutions
http://www.corp-x.com

> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]
> Sent: Saturday, October 12, 2002 5:38 PM
> To: FreeBSD Security
> Subject: Kernel log message
>
>
> Could someone explain to me what the following log message means:
>
> disco.wwallace.net kernel log messages:
> > arp: 192.168.100.2 moved from 00:20:78:0d:5a:7f to
> 00:00:78:0d:5a:7f on de0
>
> Oct 5 08:03:57 disco /kernel: arp: 192.168.100.2 moved from
> 00:20:78:0d:5a:7f to 00:00:78:0d:5a:7f on de0
>
> The machine in question (192.168.100.2) is a Windows 2000 machine
> that has had the same NIC for years. Also, only one of the digits in the
> MAC address seems to have changed. What could cause this?
>
> Thanks,
> - William.
>
>
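
One way to triage the `arp: ... moved from ... to ...` kernel messages discussed in this thread, as an added example that is not part of the original messages: it parses the lines, counts how many bits differ between the old and new MAC, and flags an IP whose MAC keeps changing. The function names, the `flap_threshold` value and all sample lines except the first are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Format of the FreeBSD kernel message quoted in the thread.
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
ARP_MOVED = re.compile(
    rf"arp: (?P<ip>\d{{1,3}}(?:\.\d{{1,3}}){{3}}) moved from "
    rf"(?P<old>{MAC}) to (?P<new>{MAC}) on (?P<ifname>\w+)",
    re.IGNORECASE,
)

# First line is the one from the thread; the other three are constructed.
SAMPLE_LINES = [
    "Oct 5 08:03:57 disco /kernel: arp: 192.168.100.2 moved from 00:20:78:0d:5a:7f to 00:00:78:0d:5a:7f on de0",
    "Oct 5 09:00:01 disco /kernel: arp: 192.168.100.9 moved from 02:00:00:aa:bb:01 to 02:00:00:cc:dd:02 on de0",
    "Oct 5 09:00:31 disco /kernel: arp: 192.168.100.9 moved from 02:00:00:cc:dd:02 to 02:00:00:aa:bb:01 on de0",
    "Oct 5 09:01:02 disco /kernel: arp: 192.168.100.9 moved from 02:00:00:aa:bb:01 to 02:00:00:cc:dd:02 on de0",
]

def bit_distance(old, new):
    """Number of bits that differ between two colon-separated MACs."""
    diff = int(old.replace(":", ""), 16) ^ int(new.replace(":", ""), 16)
    return bin(diff).count("1")

def parse_moves(lines):
    """Yield (ip, old_mac, new_mac, ifname) for every 'moved' message."""
    for line in lines:
        m = ARP_MOVED.search(line)
        if m:
            yield m["ip"], m["old"].lower(), m["new"].lower(), m["ifname"]

def triage(lines, flap_threshold=3):
    """Per-IP summary: move count, distinct MACs, smallest bit distance."""
    acc = defaultdict(lambda: {"moves": 0, "macs": set(), "min_bits": 48})
    for ip, old, new, _ifname in parse_moves(lines):
        entry = acc[ip]
        entry["moves"] += 1
        entry["macs"].update((old, new))
        entry["min_bits"] = min(entry["min_bits"], bit_distance(old, new))
    return {
        ip: {
            "moves": e["moves"],
            "distinct_macs": len(e["macs"]),
            "min_bit_distance": e["min_bits"],
            # Repeated changes for one IP are worth a closer look.
            "flapping": e["moves"] >= flap_threshold,
        }
        for ip, e in acc.items()
    }

if __name__ == "__main__":
    for ip, summary in triage(SAMPLE_LINES).items():
        print(ip, summary)
```

The script only reports the numbers; deciding what a one-bit change or a repeated change means for a given host is left to whoever reads the summary.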
