Date:      Thu, 18 Jul 2002 12:47:08 -0600
From:      "Jim Laurenson" <j.laurenson@epicmail.ca>
To:        "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>, "Craig Miller" <craig@millerfam.net>, "freebsd-security" <freebsd-security@FreeBSD.ORG>
Subject:   RE: wierdness in my security report
Message-ID:  <LJEFLBLMLGPNAJOOKOHLAEJOCDAA.j.laurenson@epicmail.ca>
In-Reply-To: <027101c22e86$dc4fae20$95e2910c@fbccarthage.com>

My setup included multiple machines (2 of them, one running 4.3 and the
other running 4.4, both getting the error listed below) connected through a
Docsis modem. These errors started just after the systems were built. After
one of the systems became redundant I removed it from the network and the
errors disappeared from the other system. Yet neither of the systems' error
messages were mentioning the other, just the MAC address of the Cisco router
on my ISP's side.

Jim Laurenson

-----Original Message-----
From: Kevin Kinsey, DaleCo, S.P. [mailto:kdk@daleco.biz]
Sent: July 18, 2002 12:14 PM
To: Jim Laurenson; Craig Miller; freebsd-security
Subject: Re: wierdness in my security report


Somebody, somewhere, changed something that changed a route
your kernel had established.  How many machines in your LAN?
What are the chances one has a new NIC?

KDK

----- Original Message -----
From: Jim Laurenson
To: Craig Miller ; freebsd-security
Sent: Thursday, July 18, 2002 12:53 PM
Subject: RE: wierdness in my security report


I have found the same logs on one of my older builds (4.3 I think). The
offending MAC address was found to be a Cisco router on my ISP's network. I
found no solution for it though.

Jim Laurenson
-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Craig Miller
Sent: July 18, 2002 11:47 AM
To: freebsd-security
Subject: wierdness in my security report


Anyone have any ideas as to what might be causing the following to appear in
my security report?

 arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0
> Jul 17 05:47:56 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0
> arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0
> Jul 17 05:47:57 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0

I thought those : delimited fields would be MAC addresses, but they don't
match the MAC addresses of either of the two cards in my FreeBSD box.  I
have not checked the MAC addresses of the other network cards on my network.

Also, where does the "server /kernel" name come from?  "kernel" is not the
name I gave my kernel, so I am suspicious.

Thanks,

--Craig
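
An added example, not part of the original thread: a Python sketch that parses the `arp: ... moved from ... to ... on ...` kernel lines quoted above and separates rapid back-and-forth flaps between two MACs sharing the same first three octets from one-way changes that deserve a manual look. The function names, verdict labels, 60-second window, assumed year and the third sample log line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample input: the first two lines are the ones quoted in the thread,
# the third is constructed (documentation IP and MAC ranges).
SAMPLE_LOG = """\
Jul 17 05:47:56 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0
Jul 17 05:47:57 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0
Jul 17 09:12:03 server /kernel: arp: 192.0.2.10 moved from 00:00:5e:00:53:01 to 02:00:00:aa:bb:cc on dc0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s\S*kernel: arp: (?P<ip>\S+) moved from "
    r"(?P<old>[0-9a-f:]{17}) to (?P<new>[0-9a-f:]{17}) on (?P<ifc>\S+)$", re.I)

def parse(log, year=2002):
    """Yield (time, ip, old_mac, new_mac, iface) for each 'moved from' line.
    Syslog timestamps carry no year, so one is assumed."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["old"].lower(), m["new"].lower(), m["ifc"]

def classify(log, window=timedelta(seconds=60)):
    """Return {ip: verdict} using hypothetical labels:
    flap-same-oui      A->B then B->A within the window, same vendor prefix
    flap-different-oui A->B then B->A within the window, different prefixes
    one-way-move       the mapping changed and did not change back"""
    by_ip = defaultdict(list)
    for ts, ip, old, new, _ifc in parse(log):
        by_ip[ip].append((ts, old, new))
    verdicts = {}
    for ip, events in by_ip.items():
        events.sort()
        flap = any(b[1] == a[2] and b[2] == a[1] and b[0] - a[0] <= window
                   for a, b in zip(events, events[1:]))
        ouis = {mac[:8] for _, old, new in events for mac in (old, new)}
        if not flap:
            verdicts[ip] = "one-way-move"
        elif len(ouis) == 1:
            verdicts[ip] = "flap-same-oui"
        else:
            verdicts[ip] = "flap-different-oui"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in classify(SAMPLE_LOG).items():
        print(ip, verdict)
```

A `flap-same-oui` verdict only narrows the triage; confirming which device owns each MAC still has to be done on the network itself.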


