Mac address changed ??

James Smallacombe up at 3.am
Thu Feb 11 03:40:32 UTC 2010


This freaked me out a bit, so I'm just running it past the list to make 
sure this is just a hardware issue...I've never seen it before.

My dedicated server provider replaced my defective server that had been up 
for 6 months after it had apparent failures of a NIC and hard drives.  It 
had also recently been the victim of the Zen Cart exploits (I posted about 
this not long ago).

Tonight I lost connectivity to it, got in via KVM/IP and saw this in the 
syslog:

Feb 10 20:42:51 mail kernel: arp: 209.17.170.1 moved from 
00:17:e0:4f:b9:c0 to 00:13:e0:4f:b9:c0 on re0

My first reaction was that somebody else on the LAN had used my IP 
address, which would have explained the connectivity issues.  However, the 
IP couldn't be pinged and I also noticed that only one number in the 
address had changed...the odds of somebody else having it were long. 
ifconfig showed the I/F down, no carrier.

I rebooted and then it came up with yet a third MAC address, 
00:14:d1:3c:1e:31  Not really even close.  Still no carrier.  Provider 
swaps out the Realtek NIC for a new one and it's working (for now).

Questions that come to mind: could there be a DoS perhaps from a bot or 
c99shell I didn't find?  Even if there was, would it be possible for the 
"www" user, with no privileges to even cause this kind of problem?  I had 
disabled suhosin after customers patched their Zen Carts, because it 
interfered with it.

Or...could this be a bug in the re0 driver?  It's just weird.

James Smallacombe		      PlantageNet, Inc. CEO and Janitor
up at 3.am							    http://3.am
=========================================================================
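
The observation in the post that only one number differs between the two MAC addresses can be checked mechanically. The following is an added example, not part of the original post: a Python parser for the `arp: ... moved from ... to ...` kernel message quoted above that counts how many bits differ between the old and new address. The function names are hypothetical and the second sample line is constructed.

```python
import re

# Message layout taken from the syslog excerpt quoted in the post.
ARP_MOVED = re.compile(
    r"arp: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) moved from "
    r"(?P<old>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) to "
    r"(?P<new>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) on (?P<ifname>\S+)",
    re.IGNORECASE,
)


def mac_to_int(mac):
    """Convert aa:bb:cc:dd:ee:ff to a 48-bit integer."""
    return int(mac.replace(":", ""), 16)


def bit_distance(old, new):
    """Number of bits that differ between two MAC addresses."""
    return bin(mac_to_int(old) ^ mac_to_int(new)).count("1")


def parse_arp_moves(text):
    """Return one dict per 'arp: ... moved from ... to ...' message.

    Mail clients wrap long syslog lines, so runs of whitespace
    (newlines included) are collapsed before matching.
    """
    flat = re.sub(r"\s+", " ", text)
    events = []
    for m in ARP_MOVED.finditer(flat):
        e = m.groupdict()
        e["bits_changed"] = bit_distance(e["old"], e["new"])
        e["single_bit"] = e["bits_changed"] == 1
        events.append(e)
    return events


# First entry: the line from the post. Second entry: constructed sample.
SAMPLE = """\
Feb 10 20:42:51 mail kernel: arp: 209.17.170.1 moved from
00:17:e0:4f:b9:c0 to 00:13:e0:4f:b9:c0 on re0
Feb 10 20:50:00 mail kernel: arp: 192.0.2.7 moved from
02:00:00:aa:bb:01 to 02:11:22:cc:dd:02 on re0
"""

if __name__ == "__main__":
    for ev in parse_arp_moves(SAMPLE):
        print(ev["ip"], ev["old"], "->", ev["new"], "bits:", ev["bits_changed"])
```

For the line from the post, the two addresses differ in exactly one bit (0x17 versus 0x13 in the second octet), while the constructed entry differs in 14 bits.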