From owner-freebsd-security  Mon Mar 25  7:32:17 2002
Delivered-To: freebsd-security@freebsd.org
Received: from web14804.mail.yahoo.com (web14804.mail.yahoo.com [216.136.224.220])
	by hub.freebsd.org (Postfix) with SMTP id 7CE3937B416
	for <freebsd-security@freebsd.org>; Mon, 25 Mar 2002 07:32:07 -0800 (PST)
Message-ID: <20020325153207.66991.qmail@web14804.mail.yahoo.com>
Received: from [198.88.119.219] by web14804.mail.yahoo.com via HTTP; Mon, 25 Mar 2002 07:32:07 PST
Date: Mon, 25 Mar 2002 07:32:07 -0800 (PST)
From: krzysztof Strzelczyk <cs052279@yahoo.com>
Subject: Kernel error?? Hacked?? Bad NIC??
To: freebsd-questions@freebsd.org, freebsd-security@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hello, 

     I'm getting some weird actively from my primary
DNS server.  I have two aliases to one NIC that box as
it also acts as a non-anonymous ftp server.  

Interface fxp0
IP is xxx.xxx.xxx.11
alias0 is xxx.xxx.xxx.4
alias1 is xxx.xxx.xxx.15

I can send and receive ping requests from this
interface however I can only ping the .15 alias.  The
.11 ip address and the .4 alias return 'sendto: host
down'.  Is this a sign of a NIC going bad??

Here is that latest actively in my logs that I can not
explain:

>opensocket_f: bind ([xxx.xxx.xxx.11]): can't assign
requested address.

>Using kernel phase-lock loop 2040
>Using kernel phase-lock loop 2041

>Kernel pll status change 2040
>Kernel pll status change 2041

It almost smells like someone has hacked this box and
disabled ping to the IPs he wants to use for his
purposes.  How could I best check on this?  Is there a
way to disable ping to certain IP addresses on a NIC. 
IPF is not loaded on this box.

Thanks for any help
-chris



__________________________________________________
Do You Yahoo!?
Yahoo! Movies - coverage of the 74th Academy Awards®
http://movies.yahoo.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message