From owner-freebsd-security  Sat Oct 12 21:17:49 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4F23337B401
	for <freebsd-security@FreeBSD.ORG>; Sat, 12 Oct 2002 21:17:47 -0700 (PDT)
Received: from d188h80.mcb.uconn.edu (d188h80.mcb.uconn.edu [137.99.188.80])
	by mx1.FreeBSD.org (Postfix) with SMTP id 6E97943E75
	for <freebsd-security@FreeBSD.ORG>; Sat, 12 Oct 2002 21:17:46 -0700 (PDT)
	(envelope-from sirmoo@cowbert.2y.net)
Received: (qmail 39892 invoked by uid 1001); 13 Oct 2002 04:17:40 -0000
Date: Sun, 13 Oct 2002 00:17:40 -0400
From: "Peter C. Lai" <sirmoo@cowbert.2y.net>
To: William Wallace <ww@austin.rr.com>
Cc: FreeBSD Security <freebsd-security@FreeBSD.ORG>
Subject: Re: Kernel log message
Message-ID: <20021013041740.GA39841@cowbert.2y.net>
Reply-To: peter.lai@uconn.edu
References: <ODEMJJBMDNGMFJHKBCMFGEGHEAAA.ww@austin.rr.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <ODEMJJBMDNGMFJHKBCMFGEGHEAAA.ww@austin.rr.com>
User-Agent: Mutt/1.4i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

This looks like another candidate for an entry in the FAQ, since
in the past 3 years that I have been on this list, questions about the
arp messages have been asked and answered many many times.

Take the message at face value.
All it is saying is at  Oct  5 08:03:57, the kernel detected that
192.168.100.2 broadcasted its MAC address as something different than
what it had been broadcasting before.

This could mean that 192.168.100.2 changed its MAC address, or
that some other device decided to become 192.168.100.2

There are many causes of that happening; if I create an IP conflict
with 2 devices having 192.168.100.2 and both keep broadcasting,
that would cause the the MAC to alternate every time i talk to 192.168.100.1.

On Sat, Oct 12, 2002 at 07:37:33PM -0500, William Wallace wrote:
> 
> > Could someone explain to me what the following log message means:
> > 
> > disco.wwallace.net kernel log messages:
> > > arp: 192.168.100.2 moved from 00:20:78:0d:5a:7f to 00:00:78:0d:5a:7f on
> > de0
> > > Oct  5 08:03:57 disco /kernel: arp: 192.168.100.2 moved from
> > 00:20:78:0d:5a:7f to 00:00:78:0d:5a:7f on de0
> > 
> > The machine in question (192.168.100.2) is a Windows 2000 machine that has
> > had the same NIC for years.  Also, only one of the digits in the MAC
> > address seems to have changed.  What could cause this?
> > 
> > Thanks,
> > - William.
> > 
> > 

-- 
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology
Yale University School of Medicine
Center for Medical Informatics | Research Assistant
http://cowbert.2y.net/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message