Date: Thu, 15 Nov 2001 23:03:31 +0100 From: Axel Scheepers <axel@axel.truedestiny.net> To: Sven Wittig <Sven.wittig@gmx.de> Cc: security@FreeBSD.ORG Subject: Re: unusual log in var/log/messages Message-ID: <20011115230331.A74754@mars.thuis> In-Reply-To: <3BF4369A.3030503@gmx.de>; from Sven.wittig@gmx.de on Thu, Nov 15, 2001 at 10:41:46PM %2B0100 References: <bulk.9491.20011114170248@hub.freebsd.org> <3BF4369A.3030503@gmx.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi,
As far as I now this is not an attack, but probably caused by a running
routed. I (unfortunatly) don't really know the ins and outs of this message,
maybe someone can explain it more detail?
After browsing for a while I found the following which might be usefull:
In the O`reilly book TCP/IP Network Admin. book by Craig Hunt, there is some
discussion about ARP_PROXYALL options in
the basic BSD kernel config. ...on page 114 "Proxy ARP is a variant on the
standard protocol in which a server answers the ARP request for its clients.
Here`s how it works. Host A sends out an ARP request for the Ethernet
address of host B. The proxy ARP server, C, hears the request and sends an
ARP response back to A claiming that C`s Ethernet address is the address of
host B. A then sends traffic intended for B to C because it uses C`s
Ethernet address. C is therefore responsible for forwarding the traffic on
to B. The proxy ARP server is usually a router and proxy ARP is used as a
means of forwarding traffic between systems that cannot use normal routing
for that traffic"
This seems to be what's happening but again, I'm not sure.
Gr,
Axel
On Thu, Nov 15, 2001 at 10:41:46PM +0100, Sven Wittig wrote:
> Hi,
>
> I recently discovered this entry in my messages-logfile
>
> " Nov 14 15:10:44 leo2 /kernel: arp: 137.226.141.33 moved from
> 00:40:33:39:80:d1 to 00:50:bf:7e:6e:70 on de0"
>
> is this a kind of attack or what?
>
> Cu
>
> Sven Wittig
--
Axel Scheepers
UNIX System Administrator
email: axel@axel.truedestiny.net
ascheepers@vianetworks.nl
http://axel.truedestiny.net/~axel
------------------------------------------
I have great faith in fools -- self confidence my friends call it.
-- Edgar Allan Poe
------------------------------------------
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011115230331.A74754>