From: Enrico Giakas
To: freebsd-security
Date: Mon, 22 Jul 2002 10:33:50 +0200
Subject: Re: wierdness in my security report

A very helpful message of the kernel, indicating that someone has changed his IP Address in your network...

--Enrico

> Anyone have any ideas as to what might be causing the following to appear
> in my security report?
>
> arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0
>> Jul 17 05:47:56 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0
>> arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0
>> Jul 17 05:47:57 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0
>
> I thought those : delimited fields would be MAC addresses, but they don't
> match the MAC addresses of either of the two cards in my free-bsd box. I
> have not checked the MAC addresses of the other network cards on my
> network.
> Also, where does the "server /kernel" name come from? "kernel" is not
> the name I gave my kernel, so I am suspicious.
> Thanks,
>
> --Craig
>

_____________________________________________________
Enrico Giakas
Network Laboratories Heidelberg
NEC Europe Ltd.
Adenauerplatz 6
D-69115 Heidelberg, Germany
Tel.:+49/(0) 62 21/905 11- 12
Fax :+49/(0) 62 21/905 11- 55
email: Enrico.Giakas@ccrle.nec.de
_____________________________________________________
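
An added example, not part of the original thread or of FreeBSD itself: a Python check that parses kernel `arp: ... moved from ... to ...` lines like the ones quoted above and reports an IP whose ARP entry swaps back to its previous MAC address within a short window, as happens in the quoted report one second apart. The function names, the 60-second window and the `year` parameter are assumptions; the sample lines are copied from the quoted report.

```python
import re
from datetime import datetime, timedelta

MAC = r"[0-9a-f]{1,2}(?::[0-9a-f]{1,2}){5}"
ARP_MOVED = re.compile(
    # Optional syslog prefix: "Jul 17 05:47:56 server /kernel: "
    r"(?:(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ \S+ )?"
    r"arp: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) moved from "
    rf"(?P<old>{MAC}) to (?P<new>{MAC}) on (?P<ifname>\S+)"
)

def parse_moves(lines, year=2002):
    """Return one dict per 'arp: ... moved' line; ts is None if the line has no timestamp."""
    events = []
    for line in lines:
        m = ARP_MOVED.fullmatch(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        if ev["ts"]:
            # Syslog timestamps carry no year: `year` is an assumption from the caller.
            ev["ts"] = datetime.strptime(f"{year} {ev['ts']}", "%Y %b %d %H:%M:%S")
        events.append(ev)
    return events

def find_flapping(events, window=timedelta(seconds=60)):
    """Report IPs whose ARP entry swapped back to the previous MAC within `window`."""
    last_move, alerts = {}, []   # last_move: (ip, ifname) -> previous timestamped move
    # Untimestamped summary lines repeat the timestamped ones, so they are skipped here.
    for ev in sorted((e for e in events if e["ts"]), key=lambda e: e["ts"]):
        key = (ev["ip"], ev["ifname"])
        prev = last_move.get(key)
        if (prev and ev["new"] == prev["old"] and ev["old"] == prev["new"]
                and ev["ts"] - prev["ts"] <= window):
            alerts.append({"ip": ev["ip"], "ifname": ev["ifname"],
                           "macs": sorted({ev["old"], ev["new"]}),
                           "seconds": (ev["ts"] - prev["ts"]).total_seconds()})
        last_move[key] = ev
    return alerts

# Lines copied from the security report quoted in the thread.
SAMPLE = [
    "arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0",
    "Jul 17 05:47:56 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0",
    "arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0",
    "Jul 17 05:47:57 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0",
]

if __name__ == "__main__":
    print(find_flapping(parse_moves(SAMPLE)))
```

An alert lists the two hardware addresses that alternately claimed the IP, which are the values to compare against the MAC addresses of the other devices on the segment.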