From owner-freebsd-questions@FreeBSD.ORG Thu Feb 11 04:14:59 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A951E106566C for ; Thu, 11 Feb 2010 04:14:59 +0000 (UTC) (envelope-from up@3.am) Received: from mail.pil.net (ns3.pil.net [209.17.170.205]) by mx1.freebsd.org (Postfix) with SMTP id 89B718FC14 for ; Thu, 11 Feb 2010 04:14:58 +0000 (UTC) Received: (qmail 44552 invoked from network); 10 Feb 2010 23:14:55 -0500 Received: from unknown (HELO localhost) (127.0.0.1) by 0 with SMTP; 10 Feb 2010 23:14:55 -0500 Date: Wed, 10 Feb 2010 23:14:55 -0500 (EST) From: James Smallacombe X-X-Sender: up@mail.pil.net To: freebsd-questions@freebsd.org In-Reply-To: Message-ID: References: User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Subject: Re: Mac address changed ?? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Feb 2010 04:14:59 -0000 Please disregard this...sleep deprication...the IP in questions (which I should have disfuised anyway) was not my server's IP, but that of the default gateway...the problem was external. On Wed, 10 Feb 2010, James Smallacombe wrote: > > This freaked me out a bit, so I'm just running it past the list to make sure > this is just a hardware issue...I've never seen it before. > > My dedicated server provider replaced my defective server that had been up > for 6 months after it had apparent failures of a NIC and hard drives. It had > also recently been the victim of the Zen Cart exploits (I posted about this > not long ago). > > Tonight I lost connectivity to it, got in via KVM/IP and saw this in the > syslog: > > Feb 10 20:42:51 mail kernel: arp: 209.17.170.1 moved from 00:17:e0:4f:b9:c0 > to 00:13:e0:4f:b9:c0 on re0 > > My first reaction was that somebody else on the LAN had used my IP address, > which would have explained the connectivity issues. However, the IP couldn't > be pinged and I also noticed that only one number in the address had > changed...the odds of somebody else having it were long. ifconfig showed the > I/F down, no carrier. > > I rebooted and then it came up with yet a third MAC address, > 00:14:d1:3c:1e:31 Not really even close. Still no carrier. Provider swaps > out the Realtek NIC for a new one and it's working (for now). > > Questions that come to mind: could their be a DoS perhaps from a bot or > c99shell I didn't find? Even if their was, would it be possible for the > "www" user, with no priveleges to even cause this kind of problem? I had > disabled suhosin after customers patched their Zen Carts, because it > interfered with it. > > Or...could this be a bug in the re0 driver? It's just weird. > > James Smallacombe PlantageNet, Inc. CEO and Janitor > up@3.am http://3.am > ========================================================================= > James Smallacombe PlantageNet, Inc. CEO and Janitor up@3.am http://3.am =========================================================================