From owner-freebsd-security Mon Mar 25 7:32:17 2002 Delivered-To: freebsd-security@freebsd.org Received: from web14804.mail.yahoo.com (web14804.mail.yahoo.com [216.136.224.220]) by hub.freebsd.org (Postfix) with SMTP id 7CE3937B416 for ; Mon, 25 Mar 2002 07:32:07 -0800 (PST) Message-ID: <20020325153207.66991.qmail@web14804.mail.yahoo.com> Received: from [198.88.119.219] by web14804.mail.yahoo.com via HTTP; Mon, 25 Mar 2002 07:32:07 PST Date: Mon, 25 Mar 2002 07:32:07 -0800 (PST) From: krzysztof Strzelczyk Subject: Kernel error?? Hacked?? Bad NIC?? To: freebsd-questions@freebsd.org, freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, I'm getting some weird actively from my primary DNS server. I have two aliases to one NIC that box as it also acts as a non-anonymous ftp server. Interface fxp0 IP is xxx.xxx.xxx.11 alias0 is xxx.xxx.xxx.4 alias1 is xxx.xxx.xxx.15 I can send and receive ping requests from this interface however I can only ping the .15 alias. The .11 ip address and the .4 alias return 'sendto: host down'. Is this a sign of a NIC going bad?? Here is that latest actively in my logs that I can not explain: >opensocket_f: bind ([xxx.xxx.xxx.11]): can't assign requested address. >Using kernel phase-lock loop 2040 >Using kernel phase-lock loop 2041 >Kernel pll status change 2040 >Kernel pll status change 2041 It almost smells like someone has hacked this box and disabled ping to the IPs he wants to use for his purposes. How could I best check on this? Is there a way to disable ping to certain IP addresses on a NIC. IPF is not loaded on this box. Thanks for any help -chris __________________________________________________ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards® http://movies.yahoo.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message