Mac address changed ??
up at 3.am
Thu Feb 11 03:40:32 UTC 2010
This freaked me out a bit, so I'm just running it past the list to make
sure this is just a hardware issue...I've never seen it before.
My dedicated server provider replaced my defective server that had been up
for 6 months after it had apparent failures of a NIC and hard drives. It
had also recently been the victim of the Zen Cart exploits (I posted about
this not long ago).
Tonight I lost connectivity to it, got in via KVM/IP and saw this in the
Feb 10 20:42:51 mail kernel: arp: 18.104.22.168 moved from
00:17:e0:4f:b9:c0 to 00:13:e0:4f:b9:c0 on re0
My first reaction was that somebody else on the LAN had used my IP
address, which would have explained the connectivity issues. However, the
IP couldn't be pinged and I also noticed that only one number in the
address had changed...the odds of somebody else having it were long.
ifconfig showed the I/F down, no carrier.
I rebooted and then it came up with yet a third MAC address,
00:14:d1:3c:1e:31 Not really even close. Still no carrier. Provider
swaps out the Realtek NIC for a new one and it's working (for now).
Questions that come to mind: could their be a DoS perhaps from a bot or
c99shell I didn't find? Even if their was, would it be possible for the
"www" user, with no priveleges to even cause this kind of problem? I had
disabled suhosin after customers patched their Zen Carts, because it
interfered with it.
Or...could this be a bug in the re0 driver? It's just weird.
James Smallacombe PlantageNet, Inc. CEO and Janitor
up at 3.am http://3.am
More information about the freebsd-questions