arp problem in /var/log/messages

Maciej Cetler airot at lazir.toya.net.pl
Sun Jan 18 07:35:17 PST 2004


On Sun, Jan 18, 2004 at 08:14:29PM +0800, Spades wrote:
> hi all, i got flooded by these msgs like 1000+ lines, any idea?
> my kernel is dated Nov-30 FreeBSD 4.9-stable
> 
> # tail -f /var/log/messages
> Jan 18 19:43:23 xb /kernel: arp: 202.79.180.1 moved from 00:04:5a:49:eb:74
> to 00:50:0f:4f:c0:00 on rl0
> Jan 18 19:45:06 xb /kernel: arp: 202.79.180.1 moved from 00:50:0f:4f:c0:00
> to 00:04:5a:49:eb:74 on rl0
> Jan 18 19:45:18 xb /kernel: arp: 202.79.180.1 moved from 00:04:5a:49:eb:74
> to 00:50:0f:4f:c0:00 on rl0
> Jan 18 19:45:41 xb /kernel: arp: 202.79.180.1 moved from 00:50:0f:4f:c0:00
> to 00:04:5a:49:eb:74 on rl0
> Jan 18 19:45:45 xb /kernel: arp: 202.79.180.1 moved from 00:04:5a:49:eb:74
> to 00:50:0f:4f:c0:00 on rl0

looks like someone is using tools like ettercap.

airot


More information about the freebsd-security mailing list