Date: Thu, 15 Nov 2001 22:58:49 +0100 (CET) From: Frank Reppin <shauwn@relay.boerde.de> To: airot@lazir.toya.net.pl Cc: Sven Wittig <Sven.wittig@gmx.de>, security@FreeBSD.ORG Subject: Re: unusual log in var/log/messages Message-ID: <Pine.LNX.3.96.1011115225524.25576A-100000@relay.boerde.de> In-Reply-To: <Pine.LNX.4.33.0111152242230.4419-100000@lazir.toya.net.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 15 Nov 2001 airot@lazir.toya.net.pl wrote: > > > On Thu, 15 Nov 2001, Sven Wittig wrote: > > > Hi, > > > > I recently discovered this entry in my messages-logfile > > > > " Nov 14 15:10:44 leo2 /kernel: arp: 137.226.141.33 moved from > > 00:40:33:39:80:d1 to 00:50:bf:7e:6e:70 on de0" > > > > is this a kind of attack or what? > > > > Nope it only mean that someone changed arp. > It could be spoof, or simply someone changed network card. > > Regards. > > airot... i also thought of someone changing the NIC where this ip was originated to before. so i would ask the owner of this host if he made anything that could result in such a message. regards, fr To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.96.1011115225524.25576A-100000>