From owner-freebsd-security Sun Jul 28 13:24:41 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 831FD37B400 for ; Sun, 28 Jul 2002 13:24:38 -0700 (PDT) Received: from sccrmhc02.attbi.com (sccrmhc02.attbi.com [204.127.202.62]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8EEDA43E3B for ; Sun, 28 Jul 2002 13:24:32 -0700 (PDT) (envelope-from craig@millerfam.net) Received: from Desktop ([12.236.220.188]) by sccrmhc02.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020728202431.CRZO1451.sccrmhc02.attbi.com@Desktop>; Sun, 28 Jul 2002 20:24:31 +0000 Message-ID: <002001c23674$adb8a260$fe01a8c0@Desktop> From: "Craig Miller" To: "Duncan Patton a Campbell is Dhu" , "faSty" Cc: References: <006301c22e83$2b3d5b30$fe01a8c0@Desktop> <20020718204203.GA71330@i-sphere.com> <20020718204840.M67510@babayaga.neotext.ca> Subject: Re: wierdness in my security report Date: Sun, 28 Jul 2002 13:23:47 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org That is correct, they are not my MAC addresses. Also, based on the mac address it is Cisco hardware further pointing toward AT&Ts hardware since my FreeBSD box definately is not made by Cisco. --Craig ----- Original Message ----- From: "Duncan Patton a Campbell is Dhu" To: "faSty" ; "Craig Miller" Cc: Sent: Thursday, July 18, 2002 1:48 PM Subject: Re: wierdness in my security report > This I've seen too, but he sez the mac's aren't his.... > > Duncan Patton a Campbell is Duibh ;-) > > ---------- Original Message ----------- > From: faSty > To: Craig Miller > Sent: Thu, 18 Jul 2002 13:42:03 -0700 > Subject: Re: wierdness in my security report > > > DO you have bridge on your server? > > > > I have that same similar and the bridge 2 ethernet > > port fight over who master the primary IP address. > > > > -fasty > > > > On Thu, Jul 18, 2002 at 10:47:21AM -0700, Craig Miller > > wrote: > > > Anyone have any ideas as to what might be causing the > following to appear in my security report? > > > > > > arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to > 00:b0:64:b7:6f:a8 on dc0 > > > > Jul 17 05:47:56 server /kernel: arp: 12.236.220.1 moved > from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0 > > > > arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to > 00:b0:64:b7:6f:54 on dc0 > > > > Jul 17 05:47:57 server /kernel: arp: 12.236.220.1 moved > from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0 > > > > > > I thought those : delimited fields would be MAC addresses, > but they don't match the MAC addresses of either of the two > cards in my free-bsd box. I have not checked the MAC addresses > of the other network cards on my network. > > > > > > Also, where does the "server /kernel" name come from. > "kernel" is not the name I gave my kernel, so I am suspicious. > > > > > > Thanks, > > > > > > --Craig > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the > > message > ------- End of Original Message ------- > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message