Date: Tue, 23 Jan 2001 23:42:32 -0800
From: "Crist J. Clark" <cjclark@reflexnet.net>
To: Kondie <kondwani@malawi.net>
Cc: FreeBSD-Questions@FreeBSD.ORG
Subject: Re: Kernel log messages
Message-ID: <20010123234232.A10761@rfx-216-196-73-168.users.reflex>
In-Reply-To: <4.3.2.7.0.20010124085704.00d41bd0@pop3.malawi.net>; from kondwani@malawi.net on Wed, Jan 24, 2001 at 09:04:54AM +0200
References: <4.3.2.7.0.20010124085704.00d41bd0@pop3.malawi.net>
On Wed, Jan 24, 2001 at 09:04:54AM +0200, Kondie wrote:
> Hie,
>
> I keep lines like these in my security check output.
>
> mwax kernel log messages:
> > arp: 208.148.168.47 moved from 00:c0:7b:6d:68:10 to 00:c0:7b:6c:dd:aa
> > arp: 208.148.168.45 moved from 00:c0:7b:6c:dd:aa to 00:c0:7b:6d:68:10
> > arp: 208.148.168.60 moved from 00:c0:7b:6c:dd:aa to 00:c0:7b:6d:68:10
>
> Can someone please explain to me what they mean, whether they are or
> signify a problem and how I can get rid of them.

It means that the MAC address associated with the given IP has changed
from one value to the other. This generally indicates that the IP
address has moved from one physical machine (for PCs, a MAC typically
associates to the NIC not the PC itself) to another.

This is logged since it may be a security issue. Someone might be IP
spoofing.

--
Crist J. Clark                           cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
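The following is an added example, not part of the original message or of FreeBSD: a Python triage script that parses the "moved from" lines in the format quoted above and reports IPs that flap back to an earlier MAC, and MACs that took over more than one IP. The function names and the 192.0.2.1 lines are constructed for illustration; either pattern only marks where to look, since NIC swaps and failover setups produce the same messages.

```python
import re
from collections import defaultdict

# Kernel message format as quoted in the thread above.
ARP_MOVED = re.compile(
    r"arp: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) moved from "
    r"(?P<old>[0-9a-f]{2}(?::[0-9a-f]{2}){5}) to "
    r"(?P<new>[0-9a-f]{2}(?::[0-9a-f]{2}){5})",
    re.IGNORECASE,
)

# First three lines are from the thread; the 192.0.2.1 lines are constructed.
SAMPLE_LOG = """\
arp: 208.148.168.47 moved from 00:c0:7b:6d:68:10 to 00:c0:7b:6c:dd:aa
arp: 208.148.168.45 moved from 00:c0:7b:6c:dd:aa to 00:c0:7b:6d:68:10
arp: 208.148.168.60 moved from 00:c0:7b:6c:dd:aa to 00:c0:7b:6d:68:10
arp: 192.0.2.1 moved from 02:00:00:00:00:01 to 02:00:00:00:00:99
arp: 192.0.2.1 moved from 02:00:00:00:00:99 to 02:00:00:00:00:01
arp: 192.0.2.1 moved from 02:00:00:00:00:01 to 02:00:00:00:00:99
"""

def parse_moves(text):
    """Return (ip, old_mac, new_mac) for every 'moved from' line, in order."""
    return [(m["ip"], m["old"].lower(), m["new"].lower())
            for m in ARP_MOVED.finditer(text)]

def summarize(moves):
    """Flag IPs that flap between MACs and MACs that took over several IPs."""
    seen = defaultdict(set)      # ip -> MACs it has been bound to so far
    flapping = set()             # IPs that moved back to an earlier MAC
    claimed = defaultdict(set)   # mac -> IPs that moved to it
    for ip, old, new in moves:
        if new in seen[ip]:
            flapping.add(ip)
        seen[ip].update((old, new))
        claimed[new].add(ip)
    multi = {mac: sorted(ips) for mac, ips in claimed.items() if len(ips) > 1}
    return sorted(flapping), multi

if __name__ == "__main__":
    flapping, multi = summarize(parse_moves(SAMPLE_LOG))
    print("IPs flapping between MACs:", flapping)
    for mac, ips in multi.items():
        print(f"{mac} took over {len(ips)} IPs: {ips}")
```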