is this a possible DoS attack?
David Kelly
dkelly at hiwaay.net
Mon May 16 08:44:09 PDT 2005
On Mon, May 16, 2005 at 08:26:58AM -0600, Chad Leigh -- Shire.Net LLC wrote:
>
> May 16 03:14:59 crickhollow /kernel: arp: 166.70.252.252 moved from
> 00:20:ed:16:b9:07 to 00:20:ed:56:b9:07 on dc0
[...]
> The address 166.70.252.252 is on another server that has not
> changed at all and is on a linux server that has that address but has
> no open ports / services listening on that address at all (it does
> all its listening on a private 192.168 type address -- the public
> address assignment is to make it easier for it to go out to the world
> for updates)
Both nets on the Linux machine on the same NIC? If so then I'd suspect
something with Linux. Else note the MAC address only differs by one bit.
Unless that rings a bell as a signature of a DoS then I'd suspect either
the Linux NIC or ethernet switch between. None the less whatever the
cause doesn't excuse FreeBSD for falling on its face.
--
David Kelly N4HHE, dkelly at HiWAAY.net
========================================================================
Whom computers would destroy, they must first drive mad.
More information about the freebsd-questions
mailing list