Date: Thu, 15 Nov 2001 23:50:26 -0500 (EST) From: Mitch Collinsworth <mitch@collinsworth.info> To: peter.lai@uconn.edu Cc: Greg <greg@rapidfx.com>, security@FreeBSD.ORG Subject: Re: unusual log in var/log/messages Message-ID: <Pine.LNX.4.10.10111152337420.1744-100000@ruby.ccmr.cornell.edu> In-Reply-To: <20011115233053.F80130@cowbert.2y.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 15 Nov 2001, Peter C. Lai wrote: > I have seen this continously when someone is trying to spoof a router. > I have tested this by spoofing a router, but I think it can > also be generalized to any pair of hosts with the same IP and > neither wants to let it go (which is what is being done when one > spoofs a host). Sure. But since it's an arp the spoofer has to be on your local subnet. You can examine the spanning tree data in your switches to find out which switch port the machine with that mac address is connected to. -Mitch > On Thu, Nov 15, 2001 at 10:21:44PM -0500, Mitch Collinsworth wrote: > > > > On Thu, 15 Nov 2001, Greg Wirth wrote: > > > > > I also see these from time to time, and have never pinned down > > > exactly what it means. I've never found any damage or abuse > > > during or after these messages. I would really like to know. > > > The times always match, and happen at random times. > > > Versions don't seem to matter, as it has happened since 3.3 > > > > > > Nov 12 06:18:41 aix /kernel: arp: 24.237.82.161 moved from > > > 00:40:c7:81:22:04 to 00:04:ac:1a:4e:e7 on dc0 > > > Nov 12 06:18:41 aix /kernel: arp: 24.237.82.161 moved from > > > 00:04:ac:1a:4e:e7 to 00:40:c7:81:22:04 on dc0 > > > > Have you checked to find out which system(s) are involved? It has > > to be someone on the same subnet with you. > > > > -Mitch > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > -- > Peter C. Lai > University of Connecticut > Dept. of Residential Life | Programmer > Dept. of Molecular and Cell Biology | > Undergraduate Research Assistant > http://cowbert.2y.net/ > 860.427.4542 > 203.206.3784 > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.10.10111152337420.1744-100000>