Date: Sun, 22 Jun 1997 21:53 EDT From: Barney Wolff <barney@databus.com> To: chas <sweeting@tm.net.my> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: duplicate IP = security problem ? Message-ID: <33add8f90.6d7a@databus.databus.com>
next in thread | raw e-mail | index | archive | help
> Date: Sun, 22 Jun 1997 20:48:34 +0000 (GMT) > From: spork <spork@super-g.com> > > I don't know of any way to track down what machine it is however... > > On Mon, 23 Jun 1997, chas wrote: > > > "/kernel duplicate IP address 202.184.153.15! sent from ethernet > > address 00:a0:40:29:e8:08" Using the first 3 bytes of the Ethernet address is usually a good clue. In this case, for example, 00:a0:40 is Apple Computer. Unless you have a room full of them, of course. It's probably a misconfiguration rather than an attack. You can find the complete listing of manufacturers' codes (OUI's) on http://standards.ieee.org/db/oui and I believe it's on IETF servers as well. Barney Wolff <barney@databus.com>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?33add8f90.6d7a>