Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 28 Sep 2006 22:53:36 +0000
From:      Robin Becker <robin@reportlab.com>
To:        freebsd-questions@freebsd.org
Subject:   IP address impersonation
Message-ID:  <451C5270.1010404@jessikat.plus.net>

Next in thread | Raw E-Mail | Index | Archive | Help
We have a remotely hosted 6.0 server that has apparently been 
impersonated by a colocated server. The provider allows root access and 
we have set up our server from a base 6.0 installation. We were 
allocated an ip address and mostly we have had a good experience with 
this setup. However, twice in three weeks we have had difficulty in 
logging in and have had to crash boot the server. Analysis of the logs 
revealed that another machine on the hoster's network had assigned 
itself our ip address. Even when we provided the suspect mac address it 
seemed the hoster had trouble in finding out/appreciating what the 
problem was.

I have little experience of this sort of thing, but can anyone else 
offer some advice on

1) is this a recognized form of attack? I can see that it could be used 
for password harvesting and traffic interception, but are there other 
implications.

2) Are there ways to mitigate this kind of problem? We have other hosted 
servers on machines with similar (root) access. They presumably could 
also be impersonated. We found this out by inspection of our own log 
files; could the provider be doing something more to prevent this?
-- 
Robin Becker



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?451C5270.1010404>