From owner-freebsd-security Fri Jul 19 5:46:52 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8E4D637B400
	for ; Fri, 19 Jul 2002 05:46:50 -0700 (PDT)
Received: from memphis.mephi.ru (memphis.mephi.ru [194.67.67.234])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E9A5E43E58
	for ; Fri, 19 Jul 2002 05:46:48 -0700 (PDT)
	(envelope-from timon@memphis.mephi.ru)
Received: (from timon@localhost)
	by memphis.mephi.ru (8.11.6/8.11.6) id g6JCkVd30425;
	Fri, 19 Jul 2002 16:46:31 +0400 (MSD)
	(envelope-from timon)
Date: Fri, 19 Jul 2002 16:46:30 +0400
From: "Artem 'Zazoobr' Ignatjev"
To: Craig Miller , freebsd-security@FreeBSD.ORG
Subject: Re: wierdness in my security report
Message-ID: <20020719164630.B26458@memphis.mephi.ru>
References: <006301c22e83$2b3d5b30$fe01a8c0@Desktop>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <006301c22e83$2b3d5b30$fe01a8c0@Desktop>; from craig@millerfam.net on Thu, Jul 18, 2002 at 10:47:21AM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Thu, Jul 18, 2002 at 10:47:21AM -0700, Craig Miller wrote:
> Anyone have any ideas as to what might be causing the following to appear in my security report?
>
>> Jul 17 05:47:56 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0
>> arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0
>> Jul 17 05:47:57 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0
>
> I thought those : delimited fields would be MAC addresses, but they don't match the MAC addresses of either of the two
> cards in my free-bsd box. I have not checked the MAC addresses of the other network cards on my network.
> Also, where does the "server /kernel" name come from. "kernel" is not the name I gave my kernel, so I am suspicious.

errr...
ls /kernel
I think you meant that IDENT line of your kernel configs isn't about kernel, but it installs into / as kernel.

The message you see tells you that the IP address changed its hardware addr, and the delimited fields really are the old and new addys.

Sincerely yours,
Artem 'Zazoobr' Ignatjev.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
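
Added example, not part of the original message or of FreeBSD: a small Python parser for the "arp: ... moved from ... to ... on ..." kernel lines quoted above. It groups them by IP address and interface and marks an entry as flapping when the address returns to a MAC it had previously left. The function names and the flapping rule are assumptions made for this illustration.

```python
import re
from collections import defaultdict

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# Matches the kernel message with or without a syslog timestamp/host prefix.
MOVED = re.compile(
    rf"arp: (?P<ip>\d{{1,3}}(?:\.\d{{1,3}}){{3}}) moved from "
    rf"(?P<old>{MAC}) to (?P<new>{MAC}) on (?P<ifname>\S+)",
    re.IGNORECASE,
)

# Log lines as quoted in the report above (the second one has no syslog prefix).
SAMPLE = [
    "Jul 17 05:47:56 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0",
    "arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0",
    "Jul 17 05:47:57 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0",
]

def parse_moves(lines):
    """Yield (ip, old_mac, new_mac, interface) for every 'moved' message."""
    for line in lines:
        m = MOVED.search(line)
        if m:
            yield m["ip"], m["old"].lower(), m["new"].lower(), m["ifname"]

def summarize(lines):
    """Per (ip, interface): MACs in order first seen, message count, flapping flag."""
    state = defaultdict(lambda: {"macs": [], "moves": 0, "flapping": False})
    left = defaultdict(set)  # MACs each (ip, interface) has already moved away from
    for ip, old, new, ifname in parse_moves(lines):
        key = (ip, ifname)
        entry = state[key]
        entry["moves"] += 1  # counts messages; a report may repeat one event
        for mac in (old, new):
            if mac not in entry["macs"]:
                entry["macs"].append(mac)
        if new in left[key]:  # back on a MAC it left earlier
            entry["flapping"] = True
        left[key].add(old)
    return dict(state)

if __name__ == "__main__":
    for (ip, ifname), e in summarize(SAMPLE).items():
        status = "flapping" if e["flapping"] else "moved"
        print(f"{ip} on {ifname}: {status}, {e['moves']} messages, MACs {e['macs']}")
```

Each MAC it lists can then be compared with the hardware addresses of the other devices on the segment.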