Date: Sat, 20 Dec 1997 00:32:18 GMT
From: mike@sentex.net (Mike Tancsa)
To: robmel@nadt.org.uk (Robin Melville)
Cc: freebsd-isp@freebsd.org
Subject: Re: Spoofing attack?
Message-ID: <349b11cc.328590748@coal.sentex.net>
In-Reply-To: <3.0.5.32.19971219103416.007e8b10@wrcmail>
References: <3.0.5.32.19971219103416.007e8b10@wrcmail>

On Fri, 19 Dec 1997 10:34:16 +0000, in sentex.lists.freebsd.misc you wrote:

>One of our FBSD router hosts has begun to report what looks like some kind
>of spoof attack. I wonder whether anyone has seen anything like this or can
>offer a (hopefully benign) explanation. Notice that these rapid arp changes
>all take place within 1 second.
>This is one example of a number over the last 48 hours.
>
>TIA for any help.
>
>--------------------------------------------------
>Dec 18 09:53:18 charlie /kernel: arp: 194.155.224.118 moved from
>00:60:b0:64:c6:5c to 00:00:f4:ea:0c:34

If this is the MAC address of a real device that should not be changing, look into doing an arp -s to make the arp entry permanent perhaps.

---Mike
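
One way to pick the pattern discussed in this thread out of a router's log, as an added example that is not part of either message: it flags any IP whose ARP entry moves at least three times within one second and lists the MAC addresses involved. The threshold, the window, the assumed year and every sample line after the first are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Kernel message format as quoted in the thread (unwrapped to one line).
MOVE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ /kernel: arp: "
    r"(?P<ip>\d+(?:\.\d+){3}) moved from (?P<old>[0-9a-f:]{17}) "
    r"to (?P<new>[0-9a-f:]{17})"
)

def parse_moves(lines, year=1997):
    """Yield (time, ip, old_mac, new_mac). Syslog omits the year, so it is assumed."""
    for line in lines:
        m = MOVE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["old"], m["new"]

def find_flapping(lines, min_moves=3, window=timedelta(seconds=1)):
    """Return {ip: sorted MACs} for IPs with at least min_moves moves inside window."""
    by_ip = defaultdict(list)
    for ts, ip, old, new in parse_moves(lines):
        by_ip[ip].append((ts, old, new))
    flagged = defaultdict(set)
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end, (ts, _, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= min_moves:
                for _, old, new in events[start:end + 1]:
                    flagged[ip].update((old, new))
    return {ip: sorted(macs) for ip, macs in flagged.items()}

# Constructed sample: line 1 is the message from the thread, the rest are made up.
SAMPLE = """\
Dec 18 09:53:18 charlie /kernel: arp: 194.155.224.118 moved from 00:60:b0:64:c6:5c to 00:00:f4:ea:0c:34
Dec 18 09:53:18 charlie /kernel: arp: 194.155.224.118 moved from 00:00:f4:ea:0c:34 to 00:60:b0:64:c6:5c
Dec 18 09:53:18 charlie /kernel: arp: 194.155.224.118 moved from 00:60:b0:64:c6:5c to 00:00:f4:ea:0c:34
Dec 18 11:02:40 charlie /kernel: arp: 192.0.2.7 moved from 02:00:00:00:00:01 to 02:00:00:00:00:02
""".splitlines()

if __name__ == "__main__":
    for ip, macs in find_flapping(SAMPLE).items():
        print(f"{ip} is flapping between {', '.join(macs)}")
```

A single move, like the constructed 192.0.2.7 line, is not flagged; only repeated moves inside the window are.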