Weird IP problem!

From owner-freebsd-questions Thu Dec 27 2:29:31 2001 Delivered-To: freebsd-questions@freebsd.org Received: from monster.datasoft.nl (monster.wellance.com [195.193.128.24]) by hub.freebsd.org (Postfix) with ESMTP id 91F8D37B417 for ; Thu, 27 Dec 2001 02:29:22 -0800 (PST) Received: by monster.wellance.com with Internet Mail Service (5.5.2653.19) id ; Thu, 27 Dec 2001 11:37:40 +0100 Message-ID: <0107A170FEECD211ABE500104BD665BBFF020C@monster.wellance.com> From: Stefan de Zeeuw To: "Freebsd-Questions@Freebsd. Org (E-mail)" Subject: Weird IP problem! Date: Thu, 27 Dec 2001 11:37:38 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C18EC2.81620990" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C18EC2.81620990 Content-Type: text/plain; charset="iso-8859-1" My setup: FreeBSD4.4-RELEASE connected to a cablemodem via rl0 rl1 is connected to a HUB and 2 clients And the machine acts as a firewall/NAT config Yesterday my internet connection was dead, the cablemodem was acting strange(the lights) and I did a power recycle on the modem, nothing happend, same results. After that I found this in my log: Dec 25 17:07:37 FIREWALL /kernel: arp: unknown hardware address format (0x0800) Dec 26 03:01:44 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 03:02:54 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 03:04:14 FIREWALL last message repeated 2 times Dec 26 03:14:56 FIREWALL last message repeated 14 times Dec 26 03:19:10 FIREWALL last message repeated 13 times Dec 26 05:15:02 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 09:23:25 FIREWALL /kernel: arplookup 192.168.100.1 failed: host is not on local network Dec 26 09:47:33 FIREWALL /kernel: arplookup 192.168.100.1 failed: host is not on local network Dec 26 09:50:16 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11 Dec 26 09:50:16 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0 Dec 26 09:50:16 FIREWALL dhclient: New Broadcast Address(rl0): 192.168.100.255 Dec 26 10:23:49 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 10:23:51 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 10:23:51 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11 Dec 26 10:23:51 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0 Dec 26 10:23:51 FIREWALL dhclient: New Broadcast Address(rl0): 192.168.100.255 Dec 26 10:24:43 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 10:24:51 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 10:24:52 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11 Dec 26 10:24:52 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0 Dec 26 10:24:52 FIREWALL dhclient: New Broadcast Address(rl0): 192.168.100.255 Dec 26 10:26:40 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 10:26:43 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 10:26:43 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11 Dec 26 10:26:43 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0 Dec 26 10:26:43 FIREWALL dhclient: New Broadcast Address(rl0): 192.168.100.255 Dec 26 10:39:01 FIREWALL /kernel: arp: 00:20:40:e3:1d:7b is using my IP address 0.0.0.0! Dec 26 10:39:01 FIREWALL last message repeated 51 times Dec 26 11:37:59 FIREWALL /kernel: arp: 00:20:40:e3:1d:7b is using my IP address 0.0.0.0! Dec 26 11:37:59 FIREWALL last message repeated 256 times Dec 26 11:52:13 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 12:20:47 FIREWALL login: ROOT LOGIN (root) ON ttyv0 Dec 26 12:24:02 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 12:24:02 FIREWALL last message repeated 64 times Dec 26 12:26:18 FIREWALL last message repeated 5 times Dec 26 12:26:18 FIREWALL dhclient: New IP Address(rl0): 213.73.160.xxx Dec 26 12:26:18 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0 Dec 26 12:26:18 FIREWALL dhclient: New Broadcast Address(rl0): 213.73.160.255 Dec 26 12:26:18 FIREWALL dhclient: New Routers: 213.73.160.1 It is very strange and i do not understand what may have happend here. Was it a error by my ISP or was it a intrusion attempt? After this i killed my dhclient and started it up again, assigning me my original ip address. And everything was fine. But I would like to know what happend here. Anyone have some ideas?? I would like to hear them! Sincerly Stef ------_=_NextPart_001_01C18EC2.81620990 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Weird IP problem!

My setup:
FreeBSD4.4-RELEASE connected to a cablemodem via = rl0
rl1 is connected to a HUB and 2 clients
And the machine acts as a firewall/NAT config

Yesterday my internet connection was dead, the = cablemodem was acting strange(the lights) and I did a power recycle on = the modem, nothing happend, same results.

After that I found this in my log:

Dec 25 17:07:37 FIREWALL /kernel: arp: unknown = hardware address format (0x0800)
Dec 26 03:01:44 FIREWALL natd[284]: failed to write = packet back (No route to host)
Dec 26 03:02:54 FIREWALL natd[284]: failed to write = packet back (No route to host)
Dec 26 03:04:14 FIREWALL last message repeated 2 = times
Dec 26 03:14:56 FIREWALL last message repeated 14 = times
Dec 26 03:19:10 FIREWALL last message repeated 13 = times
Dec 26 05:15:02 FIREWALL natd[284]: failed to write = packet back (No route to host)
<snip>
Dec 26 09:23:25 FIREWALL /kernel: arplookup = 192.168.100.1 failed: host is not on local network
Dec 26 09:47:33 FIREWALL /kernel: arplookup = 192.168.100.1 failed: host is not on local network
Dec 26 09:50:16 FIREWALL dhclient: New IP = Address(rl0): 192.168.100.11
Dec 26 09:50:16 FIREWALL dhclient: New Subnet Mask = (rl0): 255.255.255.0
Dec 26 09:50:16 FIREWALL dhclient: New Broadcast = Address(rl0): 192.168.100.255
Dec 26 10:23:49 FIREWALL natd[284]: failed to write = packet back (No route to host)
Dec 26 10:23:51 FIREWALL natd[284]: failed to write = packet back (No route to host)
Dec 26 10:23:51 FIREWALL dhclient: New IP = Address(rl0): 192.168.100.11
Dec 26 10:23:51 FIREWALL dhclient: New Subnet Mask = (rl0): 255.255.255.0
Dec 26 10:23:51 FIREWALL dhclient: New Broadcast = Address(rl0): 192.168.100.255
Dec 26 10:24:43 FIREWALL natd[284]: failed to write = packet back (No route to host)
Dec 26 10:24:51 FIREWALL natd[284]: failed to write = packet back (No route to host)
Dec 26 10:24:52 FIREWALL dhclient: New IP = Address(rl0): 192.168.100.11
Dec 26 10:24:52 FIREWALL dhclient: New Subnet Mask = (rl0): 255.255.255.0
Dec 26 10:24:52 FIREWALL dhclient: New Broadcast = Address(rl0): 192.168.100.255
Dec 26 10:26:40 FIREWALL natd[284]: failed to write = packet back (No route to host)
Dec 26 10:26:43 FIREWALL natd[284]: failed to write = packet back (No route to host)
Dec 26 10:26:43 FIREWALL dhclient: New IP = Address(rl0): 192.168.100.11
Dec 26 10:26:43 FIREWALL dhclient: New Subnet Mask = (rl0): 255.255.255.0
Dec 26 10:26:43 FIREWALL dhclient: New Broadcast = Address(rl0): 192.168.100.255
Dec 26 10:39:01 FIREWALL /kernel: arp: = 00:20:40:e3:1d:7b is using my IP address 0.0.0.0!
Dec 26 10:39:01 FIREWALL last message repeated 51 = times
Dec 26 11:37:59 FIREWALL /kernel: arp: = 00:20:40:e3:1d:7b is using my IP address 0.0.0.0!
Dec 26 11:37:59 FIREWALL last message repeated 256 = times
Dec 26 11:52:13 FIREWALL natd[284]: failed to write = packet back (No route to host)
Dec 26 12:20:47 FIREWALL login: ROOT LOGIN (root) ON = ttyv0
Dec 26 12:24:02 FIREWALL natd[284]: failed to write = packet back (No route to host)
Dec 26 12:24:02 FIREWALL last message repeated 64 = times
Dec 26 12:26:18 FIREWALL last message repeated 5 = times
Dec 26 12:26:18 FIREWALL dhclient: New IP = Address(rl0): 213.73.160.xxx
Dec 26 12:26:18 FIREWALL dhclient: New Subnet Mask = (rl0): 255.255.255.0
Dec 26 12:26:18 FIREWALL dhclient: New Broadcast = Address(rl0): 213.73.160.255
Dec 26 12:26:18 FIREWALL dhclient: New Routers: = 213.73.160.1

It is very strange and i do not understand what may = have happend here. Was it a error by my ISP or was it a intrusion = attempt?

After this i killed my dhclient and started it up = again, assigning me my original ip address. And everything was = fine.
But I would like to know what happend here. Anyone = have some ideas??
I would like to hear them!

Sincerly
Stef

------_=_NextPart_001_01C18EC2.81620990-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message