is this a possible DoS attack?

David Kelly dkelly at hiwaay.net
Mon May 16 08:44:09 PDT 2005


On Mon, May 16, 2005 at 08:26:58AM -0600, Chad Leigh -- Shire.Net LLC wrote:
> 
> May 16 03:14:59 crickhollow /kernel: arp: 166.70.252.252 moved from  
> 00:20:ed:16:b9:07 to 00:20:ed:56:b9:07 on dc0

[...]

> The address  166.70.252.252  is on another server that has not  
> changed at all and is on a linux server that has that address but has  
> no open ports / services listening on that address at all (it does  
> all its listening on a private 192.168 type address -- the public  
> address assignment is to make it easier for it to go out to the world  
> for updates)

Both nets on the Linux machine on the same NIC? If so then I'd suspect
something with Linux. Else note the MAC address only differs by one bit.
Unless that rings a bell as a signature of a DoS then I'd suspect either
the Linux NIC or Ethernet switch between. Nonetheless, whatever the
cause, it doesn't excuse FreeBSD for falling on its face.

-- 
David Kelly N4HHE, dkelly at HiWAAY.net
========================================================================
Whom computers would destroy, they must first drive mad.
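
Added example, not part of the original message: a triage script for "arp: ... moved from" kernel log lines that counts how many bits differ between the old and new MAC, following the one-bit observation in the reply above. The function names and the "bit-flip" / "different-host" labels are assumptions of this example; only the first sample line comes from the post.

```python
import re
from collections import Counter

# First line is the message quoted in the post (re-joined after e-mail wrapping);
# the other two are constructed for this example.
SAMPLE_LOG = """\
May 16 03:14:59 crickhollow /kernel: arp: 166.70.252.252 moved from 00:20:ed:16:b9:07 to 00:20:ed:56:b9:07 on dc0
May 16 03:15:02 crickhollow /kernel: arp: 166.70.252.252 moved from 00:20:ed:56:b9:07 to 00:20:ed:16:b9:07 on dc0
May 16 03:20:11 crickhollow /kernel: arp: 192.0.2.10 moved from 00:11:22:33:44:55 to 66:77:88:99:aa:bb on dc0
"""

MAC = r"[0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2}){5}"
ARP_MOVED = re.compile(
    rf"arp:\s+(?P<ip>\S+)\s+moved from\s+(?P<old>{MAC})\s+to\s+(?P<new>{MAC})"
    r"\s+on\s+(?P<iface>\S+)"
)


def mac_to_int(mac):
    """Convert aa:bb:cc:dd:ee:ff to a 48-bit integer."""
    return int.from_bytes(bytes(int(octet, 16) for octet in mac.split(":")), "big")


def bit_distance(old, new):
    """Number of bits that differ between two MAC addresses."""
    return bin(mac_to_int(old) ^ mac_to_int(new)).count("1")


def analyze(log_text):
    """Return one dict per 'moved from' event, with a triage label."""
    events = []
    for m in ARP_MOVED.finditer(log_text):
        bits = bit_distance(m["old"], m["new"])
        # Assumed rule of thumb: a single flipped bit points at a NIC, cable or
        # switch corrupting frames; anything else is a genuinely different MAC
        # (duplicate IP, failover, or ARP spoofing) and needs a closer look.
        verdict = "bit-flip" if bits == 1 else "different-host"
        events.append({**m.groupdict(), "bits": bits, "verdict": verdict})
    return events


def flap_counts(events):
    """How often each IP changed MAC; repeated moves mean the entry is flapping."""
    return Counter(e["ip"] for e in events)


if __name__ == "__main__":
    for e in analyze(SAMPLE_LOG):
        print(f'{e["ip"]} on {e["iface"]}: {e["bits"]} bit(s) differ -> {e["verdict"]}')
```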


More information about the freebsd-questions mailing list