From owner-freebsd-security Thu Nov 15 19:12:31 2001
Date: Thu, 15 Nov 2001 18:15:37 -0900
From: Greg Wirth
Organization: RapidFX.com
Message-ID: <12126694534.20011115181537@rapidfx.com>
To: security@FreeBSD.ORG
Subject: Re[2]: unusual log in var/log/messages
In-Reply-To: <20011116020109.S18296-100000@mail.tietoverkot.net>

Hello...

I also see these from time to time, and have never pinned down exactly
what it means. I've never found any damage or abuse during or after
these messages. I would really like to know. The times always match, and
happen at random times. Versions don't seem to matter, as it has
happened since 3.3

Nov 12 06:18:41 aix /kernel: arp: 24.237.82.161 moved from 00:40:c7:81:22:04 to 00:04:ac:1a:4e:e7 on dc0
Nov 12 06:18:41 aix /kernel: arp: 24.237.82.161 moved from 00:04:ac:1a:4e:e7 to 00:40:c7:81:22:04 on dc0

Thursday, November 15, 2001, 3:03:01 PM, you wrote:

LM> On Thu, 15 Nov 2001, Sven Wittig wrote:

>> I recently discovered this entry in my messages-logfile
>> " Nov 14 15:10:44 leo2 /kernel: arp: 137.226.141.33 moved from
>> 00:40:33:39:80:d1 to 00:50:bf:7e:6e:70 on de0"
>> is this a kind of attack or what?
>> Sven Wittig

LM> I have same logs now and then and i guess it comes from
LM> multiple interfaces with different ips on same switch
LM> i guess i am not sure but this cheapo switch i bought somehow forgets
LM> things and it comes from there.
LM> never happened b4 when it was sitting in catalyst.
LM> must be something to do with switches. :)

LM> .....................................................................
LM> Len Merikanto
LM> MMI Tietoverkot Oy
LM> Munkkisaarenkatu 2, 4. krs.
LM> FIN - 00150 Helsinki

--
Greg S. Wirth
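
The two patterns quoted in this thread, as an added example that is not part of the original messages: the script parses the kernel's `arp: ... moved from ... to ...` lines and separates an address that flips between two MACs and back (the `aix` lines) from a one-way change (the `leo2` line). The function names `parse` and `classify` and the 60-second window are choices made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# FreeBSD kernel message format as quoted in the thread.
ARP_MOVED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s/kernel:\sarp:\s"
    r"(?P<ip>[\d.]+)\smoved\sfrom\s(?P<old>[0-9a-fA-F:]{17})\sto\s"
    r"(?P<new>[0-9a-fA-F:]{17})\son\s(?P<ifc>\w+)$"
)

# The three log lines quoted in the thread (the wrapped one is rejoined).
SAMPLE = """\
Nov 12 06:18:41 aix /kernel: arp: 24.237.82.161 moved from 00:40:c7:81:22:04 to 00:04:ac:1a:4e:e7 on dc0
Nov 12 06:18:41 aix /kernel: arp: 24.237.82.161 moved from 00:04:ac:1a:4e:e7 to 00:40:c7:81:22:04 on dc0
Nov 14 15:10:44 leo2 /kernel: arp: 137.226.141.33 moved from 00:40:33:39:80:d1 to 00:50:bf:7e:6e:70 on de0
"""

def parse(lines):
    """Yield (time, host, ip, old_mac, new_mac) for each 'moved from' line."""
    for line in lines:
        m = ARP_MOVED.match(line.strip())
        if m:
            # Syslog omits the year; only time differences are used below.
            ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S")
            yield ts, m["host"], m["ip"], m["old"].lower(), m["new"].lower()

def classify(lines, window=60):
    """Map (host, ip) -> 'flap' if a move is reversed within `window` seconds
    (two MACs alternately claiming the address), else 'move'."""
    events = defaultdict(list)
    for ts, host, ip, old, new in parse(lines):
        events[(host, ip)].append((ts, old, new))
    result = {}
    for key, evs in events.items():
        evs.sort(key=lambda e: e[0])  # stable: same-second lines keep log order
        flap = any(
            b[1] == a[2] and b[2] == a[1]
            and (b[0] - a[0]).total_seconds() <= window
            for a, b in zip(evs, evs[1:])
        )
        result[key] = "flap" if flap else "move"
    return result

if __name__ == "__main__":
    for (host, ip), kind in classify(SAMPLE.splitlines()).items():
        print(f"{host} {ip}: {kind}")
```

A `flap` result means two stations on the segment are both answering ARP for the same IP, so the next check is which hosts own the two MAC addresses.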