Date: Thu, 25 Apr 2013 02:52:21 +0100 From: Kaya Saman <kayasaman@gmail.com> To: freebsd-questions@freebsd.org Subject: Unknown IP address shows FreeBSD server MAC in arp cache Message-ID: <51788C55.6040009@gmail.com>
next in thread | raw e-mail | index | archive | help
Hi, I'm experiencing a weird problem and I have no idea where to begin with this one! Basically what's happening is that I did a host scan from my NetBSD box running Cacti in order to 'Auto Discover' machines on my network; a php script on the Cacti server added an IP address xxx.xxx.1.52. Seeing this as odd since I haven't configured any machine with this IP as it's in the DHCP range on my network and there aren't any machines running on DHCP on the particular VLAN either as everything is statically configured; I proceeded to check the arp cache of my NetBSD box which pointed to the MAC address of my FreeBSD server? Having a look round my network and servers each ping attempt to xxx.xxx.1.52 gives me a response and in the arp cache of each machine/device shows the FreeBSD server. Long ago I may have had this machine on xxx.xxx.1.52 but I can't recall and all settings in /etc/rc.conf for interfaces and Jails are fine and consistent with my Network Spec. My network has also had a massive overhaul since then as I've changed switches and router in the meantime too.... I have thought about arp poisoning but then again no other machine is connected to my network that I don't know about and since it's a home network there's really only me connected to it. Also I'm running OpenBSD as a firewall/router gateway which I've also checked thoroughly including Packet Filter and haven't found any issues. I also thought about RARP and bootparamd since I'm running a bunch of Sun SPARC systems in which I NetBooted but nothing on that front either showed any result. I additionally have checked the /etc/hosts files of all my systems and even my local DNS db files but nothing shows xxx.xxx.1.52 at all. The BSD version that I'm running on my FreeBSD server is 8.2 x64. Would anyone be able to help me out with this one? Basically why is a rogue or unknown IP address pointing to my FreeBSD box's NIC? Regards, Kaya
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51788C55.6040009>