arp problem in /var/log/messages
Lyle Evans
mlevans at blacksburg.net
Sun Jan 18 11:19:25 PST 2004
At 07:14 AM 01/18/04, you wrote:
>hi all, i got flooded by these msgs like 1000+ lines, any idea?
>my kernel is dated Nov-30 FreeBSD 4.9-stable
>
># tail -f /var/log/messages
>Jan 18 19:43:23 xb /kernel: arp: 202.79.180.1 moved from 00:04:5a:49:eb:74
>to 00:50:0f:4f:c0:00 on rl0
>Jan 18 19:45:06 xb /kernel: arp: 202.79.180.1 moved from 00:50:0f:4f:c0:00
>to 00:04:5a:49:eb:74 on rl0
>Jan 18 19:45:18 xb /kernel: arp: 202.79.180.1 moved from 00:04:5a:49:eb:74
>to 00:50:0f:4f:c0:00 on rl0
>Jan 18 19:45:41 xb /kernel: arp: 202.79.180.1 moved from 00:50:0f:4f:c0:00
>to 00:04:5a:49:eb:74 on rl0
>Jan 18 19:45:45 xb /kernel: arp: 202.79.180.1 moved from 00:04:5a:49:eb:74
>to 00:50:0f:4f:c0:00 on rl
You have a Linksys and Cisco device fighting over a IP address either
they both think they own the address or one or maybe both are proxy arping
for the address. The fields 00:04:5a:49:eb:74 & 00:50:0f:4f:c0:00 are
the ethernet address of the Linksys and Cisco devices respectively.
Regards,
Lyle Evans
evansl at rackears.com
rackmount brackets for many networking and ISP equipment chassises
http://www.rackears.com
More information about the freebsd-security
mailing list