Date:      Thu, 28 Sep 2006 22:53:36 +0000
From:      Robin Becker <robin@reportlab.com>
To:        freebsd-questions@freebsd.org
Subject:   IP address impersonation
Message-ID:  <451C5270.1010404@jessikat.plus.net>

We have a remotely hosted 6.0 server that has apparently been 
impersonated by a colocated server. The provider allows root access and 
we have set up our server from a base 6.0 installation. We were 
allocated an IP address and mostly we have had a good experience with 
this setup. However, twice in three weeks we have had difficulty in 
logging in and have had to crash boot the server. Analysis of the logs 
revealed that another machine on the hoster's network had assigned 
itself our IP address. Even when we provided the suspect MAC address it 
seemed the hoster had trouble in finding out/appreciating what the 
problem was.

I have little experience of this sort of thing, but can anyone else 
offer some advice on

1) Is this a recognized form of attack? I can see that it could be used 
for password harvesting and traffic interception, but are there other 
implications?

2) Are there ways to mitigate this kind of problem? We have other hosted 
servers on machines with similar (root) access. They presumably could 
also be impersonated. We found this out by inspection of our own log 
files; could the provider be doing something more to prevent this?
-- 
Robin Becker


