Date: Thu, 15 Nov 2001 23:30:53 -0500 From: "Peter C. Lai" <sirmoo@cowbert.2y.net> To: Mitch Collinsworth <mitch@collinsworth.info> Cc: Greg <greg@rapidfx.com>, security@FreeBSD.ORG Subject: Re: Re[2]: unusual log in var/log/messages Message-ID: <20011115233053.F80130@cowbert.2y.net> In-Reply-To: <Pine.LNX.4.10.10111152219470.1744-100000@ruby.ccmr.cornell.edu>; from mitch@collinsworth.info on Thu, Nov 15, 2001 at 10:21:44PM -0500 References: <12126694534.20011115181537@rapidfx.com> <Pine.LNX.4.10.10111152219470.1744-100000@ruby.ccmr.cornell.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
I have seen this continously when someone is trying to spoof a router. I have tested this by spoofing a router, but I think it can also be generalized to any pair of hosts with the same IP and neither wants to let it go (which is what is being done when one spoofs a host). On Thu, Nov 15, 2001 at 10:21:44PM -0500, Mitch Collinsworth wrote: > > On Thu, 15 Nov 2001, Greg Wirth wrote: > > > I also see these from time to time, and have never pinned down > > exactly what it means. I've never found any damage or abuse > > during or after these messages. I would really like to know. > > The times always match, and happen at random times. > > Versions don't seem to matter, as it has happened since 3.3 > > > > Nov 12 06:18:41 aix /kernel: arp: 24.237.82.161 moved from > > 00:40:c7:81:22:04 to 00:04:ac:1a:4e:e7 on dc0 > > Nov 12 06:18:41 aix /kernel: arp: 24.237.82.161 moved from > > 00:04:ac:1a:4e:e7 to 00:40:c7:81:22:04 on dc0 > > Have you checked to find out which system(s) are involved? It has > to be someone on the same subnet with you. > > -Mitch > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Peter C. Lai University of Connecticut Dept. of Residential Life | Programmer Dept. of Molecular and Cell Biology | Undergraduate Research Assistant http://cowbert.2y.net/ 860.427.4542 203.206.3784 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011115233053.F80130>