Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 25 Mar 2002 18:52:43 +0300
From:      "Nickolay A. Kritsky" <nkritsky@internethelp.ru>
To:        krzysztof Strzelczyk <cs052279@yahoo.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Kernel error?? Hacked?? Bad NIC??
Message-ID:  <7131186123.20020325185243@internethelp.ru>
In-Reply-To: <20020325153207.66991.qmail@web14804.mail.yahoo.com>
References:  <20020325153207.66991.qmail@web14804.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hello krzysztof,

Monday, March 25, 2002, 6:32:07 PM, you wrote:

kS> Hello, 

kS>      I'm getting some weird actively from my primary
kS> DNS server.  I have two aliases to one NIC that box as
kS> it also acts as a non-anonymous ftp server.  

kS> Interface fxp0
kS> IP is xxx.xxx.xxx.11
kS> alias0 is xxx.xxx.xxx.4
kS> alias1 is xxx.xxx.xxx.15

kS> I can send and receive ping requests from this
kS> interface however I can only ping the .15 alias.  The
kS> .11 ip address and the .4 alias return 'sendto: host
kS> down'.  Is this a sign of a NIC going bad??

Do you have any packet-filtering software on this box? If yes, what
your ruleset looks like?
Do you perform pings from that very machine, or from machine in local
segment, or from machine behind the router(s)?

kS> Here is that latest actively in my logs that I can not
kS> explain:

>>opensocket_f: bind ([xxx.xxx.xxx.11]): can't assign
kS> requested address.

Which process is complaining?

>>Using kernel phase-lock loop 2040
>>Using kernel phase-lock loop 2041

>>Kernel pll status change 2040
>>Kernel pll status change 2041

kS> It almost smells like someone has hacked this box and
kS> disabled ping to the IPs he wants to use for his
kS> purposes.  How could I best check on this?  Is there a
kS> way to disable ping to certain IP addresses on a NIC. 
kS> IPF is not loaded on this box.

kS> Thanks for any help
kS> -chris


;-------------------------------------------
; NKritsky
; mailto:nkritsky@internethelp.ru



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7131186123.20020325185243>