Date: Mon, 14 Oct 2002 22:21:13 -0500 From: "William Wallace" <ww@austin.rr.com> To: "FreeBSD Security" <freebsd-security@FreeBSD.ORG> Subject: RE: Kernel log message Message-ID: <ODEMJJBMDNGMFJHKBCMFCEJHEAAA.ww@austin.rr.com> In-Reply-To: <3DA8F90A.7070101@hq.dyns.cx>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks to all who replied. Just as an additional interesting piece of information: Because the machine in question was in a state that made it easy to simply wipe it out and re-install everything from scratch, I decided to do just that. Upon reinstalling the OS and rebooting, I got a kernel log message in my FreeBSD server that indicated the "opposite" MAC address change. It changed from "00:00:78:0d:5a:7f" back to "00:20:78:0d:5a:7f", which is what it was originally. I'm suspicious now of some kind of malicious software or something, but it's going to be hard to determine what exactly made that happen. Thanks again, - William. -----Original Message----- From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of wolf Sent: Saturday, October 12, 2002 11:40 PM Cc: FreeBSD Security Subject: Re: Kernel log message >Could someone explain to me what the following log message means: > >disco.wwallace.net kernel log messages: > >arp: 192.168.100.2 moved from 00:20:78:0d:5a:7f to 00:00:78:0d:5a:7f on > >de0 > >Oct 5 08:03:57 disco /kernel: arp: 192.168.100.2 moved from > >00:20:78:0d:5a:7f to 00:00:78:0d:5a:7f on de0 > >The machine in question (192.168.100.2) is a Windows 2000 machine that has >had the same NIC for years. Also, only one of the digits in the MAC >address seems to have changed. What could cause this? > 1) The NIC card could be dieing. "same NIC for years" 2) Transmission error of some sort on you LAN 3) Problem w/ a packet switch. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ODEMJJBMDNGMFJHKBCMFCEJHEAAA.ww>