arp problem in /var/log/messages

Patrick Muldoon doon at inoc.net
Sun Jan 18 08:08:42 PST 2004


On Sunday 18 January 2004 10:35 am, Maciej Cetler wrote:
> On Sun, Jan 18, 2004 at 08:14:29PM +0800, Spades wrote:
> > hi all, i got flooded by these msgs like 1000+ lines, any idea?
> > my kernel is dated Nov-30 FreeBSD 4.9-stable
> >
> > # tail -f /var/log/messages
> > Jan 18 19:43:23 xb /kernel: arp: 202.79.180.1 moved from
> > 00:04:5a:49:eb:74 to 00:50:0f:4f:c0:00 on rl0
> > Jan 18 19:45:06 xb /kernel: arp: 202.79.180.1 moved from
> > 00:50:0f:4f:c0:00 to 00:04:5a:49:eb:74 on rl0
> > Jan 18 19:45:18 xb /kernel: arp: 202.79.180.1 moved from
> > 00:04:5a:49:eb:74 to 00:50:0f:4f:c0:00 on rl0
> > Jan 18 19:45:41 xb /kernel: arp: 202.79.180.1 moved from
> > 00:50:0f:4f:c0:00 to 00:04:5a:49:eb:74 on rl0
> > Jan 18 19:45:45 xb /kernel: arp: 202.79.180.1 moved from
> > 00:04:5a:49:eb:74 to 00:50:0f:4f:c0:00 on rl0
>
> looks like someone is using tools like ettercap.
>
> airot

Is .1 your gateway?

00:50:0f is a Cisco adaptor
00:04:5a is a Linksys adaptor

What type of network are you on?  I.e., is this your network, or is it, say, a
cablemodem network?

Check out http://www.dslreports.com/forum/remark,8225369~mode=flat, which is
basically about this same issue and perhaps might shed some light on the
problem.

If they were both Cisco NICs it could be HSRP?

Hope that helps,
-Patrick

-- 
Patrick Muldoon
Network/Software Engineer
INOC (http://www.inoc.net)
PGPKEY (http://www.inoc.net/~doon)
Key ID: 0x370D752C

micro$oft: "where do you want to go today?" 
linux: "where do you want to go tomorrow?" 
BSD: "are you guys coming, or what?"
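
A log check for the pattern quoted above, as an added example that is not part of the original message: it groups the kernel's `arp: ... moved from` lines by IP and interface and flags an address that keeps alternating between the same two MACs. The sample lines are the ones from the post joined back onto one line each; the function name and the `min_moves` threshold are assumptions.

```python
import re
from collections import defaultdict

# Kernel message format as quoted in the thread (one line per event in the real log).
ARP_MOVED = re.compile(
    r"arp: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) moved from "
    r"(?P<old>[0-9a-f]{2}(?::[0-9a-f]{2}){5}) to "
    r"(?P<new>[0-9a-f]{2}(?::[0-9a-f]{2}){5}) on (?P<iface>\S+)",
    re.IGNORECASE,
)

# Sample input: the five messages from the post, unwrapped to one line each.
SAMPLE_LOG = """\
Jan 18 19:43:23 xb /kernel: arp: 202.79.180.1 moved from 00:04:5a:49:eb:74 to 00:50:0f:4f:c0:00 on rl0
Jan 18 19:45:06 xb /kernel: arp: 202.79.180.1 moved from 00:50:0f:4f:c0:00 to 00:04:5a:49:eb:74 on rl0
Jan 18 19:45:18 xb /kernel: arp: 202.79.180.1 moved from 00:04:5a:49:eb:74 to 00:50:0f:4f:c0:00 on rl0
Jan 18 19:45:41 xb /kernel: arp: 202.79.180.1 moved from 00:50:0f:4f:c0:00 to 00:04:5a:49:eb:74 on rl0
Jan 18 19:45:45 xb /kernel: arp: 202.79.180.1 moved from 00:04:5a:49:eb:74 to 00:50:0f:4f:c0:00 on rl0
""".splitlines()


def summarize_arp_moves(lines, min_moves=3):
    """Group 'moved from' events by (ip, iface); flag IPs bouncing between two MACs."""
    events = defaultdict(list)
    for line in lines:
        m = ARP_MOVED.search(line)
        if m:
            events[(m["ip"], m["iface"])].append((m["old"].lower(), m["new"].lower()))
    report = {}
    for key, moves in events.items():
        macs = sorted({mac for pair in moves for mac in pair})
        # Flip-flop: exactly two MACs, and every move reverses the one before it.
        flip_flop = len(moves) >= 2 and len(macs) == 2 and all(
            prev == (cur[1], cur[0]) for prev, cur in zip(moves, moves[1:])
        )
        report[key] = {
            "moves": len(moves),
            "macs": macs,
            "ouis": sorted({mac[:8] for mac in macs}),  # vendor prefix, first 3 octets
            "flip_flop": flip_flop,
            "flagged": flip_flop and len(moves) >= min_moves,
        }
    return report


if __name__ == "__main__":
    for (ip, iface), info in summarize_arp_moves(SAMPLE_LOG).items():
        print(ip, iface, info)
```

The `ouis` field gives the two prefixes to look up, which is the step the reply takes when it identifies the adaptors by vendor.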


More information about the freebsd-security mailing list