Date: Mon, 22 Jul 2002 10:33:50 +0200 From: Enrico Giakas <Enrico.Giakas@ccrle.nec.de> To: freebsd-security <freebsd-security@FreeBSD.ORG> Subject: Re: wierdness in my security report Message-ID: <319871370.1027334030@[192.168.102.190]> In-Reply-To: <006301c22e83$2b3d5b30$fe01a8c0@Desktop> References: <006301c22e83$2b3d5b30$fe01a8c0@Desktop>
next in thread | previous in thread | raw e-mail | index | archive | help
A very helpful message of the kernel, indicating that someone has changed his IP Address in your network... --Enrico > Anyone have any ideas as to what might be causing the following to appear > in my security report? > arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on > dc0 >> Jul 17 05:47:56 server /kernel: arp: 12.236.220.1 moved from >> 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0 arp: 12.236.220.1 moved >> from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0 Jul 17 05:47:57 >> server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to >> 00:b0:64:b7:6f:54 on dc0 > > I thought those : delimited fields would be MAC addresses, but they don't > match the MAC addresses of either of the two cards in my free-bsd box. I > have not checked the MAC addresses of the other network cards on my > network. > Also, where does the "server /kernel" name come from. "kernel" is not > the name I gave my kernel, so I am suspicious. > Thanks, > > --Craig > _____________________________________________________ Enrico Giakas Network Laboratories Heidelberg NEC Europe Ltd. Adenauerplatz 6 D-69115 Heidelberg, Germany Tel.:+49/(0) 62 21/905 11- 12 Fax :+49/(0) 62 21/905 11- 55 email: Enrico.Giakas@ccrle.nec.de _____________________________________________________ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?319871370.1027334030>