Mac address changed ??

James Smallacombe up at 3.am
Thu Feb 11 04:14:59 UTC 2010 

Please disregard this...sleep deprication...the IP in questions (which I 
should have disfuised anyway) was not my server's IP, but that of the 
default gateway...the problem was external.

On Wed, 10 Feb 2010, James Smallacombe wrote:

>
> This freaked me out a bit, so I'm just running it past the list to make sure 
> this is just a hardware issue...I've never seen it before.
>
> My dedicated server provider replaced my defective server that had been up 
> for 6 months after it had apparent failures of a NIC and hard drives.  It had 
> also recently been the victim of the Zen Cart exploits (I posted about this 
> not long ago).
>
> Tonight I lost connectivity to it, got in via KVM/IP and saw this in the 
> syslog:
>
> Feb 10 20:42:51 mail kernel: arp: 209.17.170.1 moved from 00:17:e0:4f:b9:c0 
> to 00:13:e0:4f:b9:c0 on re0
>
> My first reaction was that somebody else on the LAN had used my IP address, 
> which would have explained the connectivity issues.  However, the IP couldn't 
> be pinged and I also noticed that only one number in the address had 
> changed...the odds of somebody else having it were long. ifconfig showed the 
> I/F down, no carrier.
>
> I rebooted and then it came up with yet a third MAC address, 
> 00:14:d1:3c:1e:31  Not really even close.  Still no carrier.  Provider swaps 
> out the Realtek NIC for a new one and it's working (for now).
>
> Questions that come to mind: could their be a DoS perhaps from a bot or 
> c99shell I didn't find?  Even if their was, would it be possible for the 
> "www" user, with no priveleges to even cause this kind of problem?  I had 
> disabled suhosin after customers patched their Zen Carts, because it 
> interfered with it.
>
> Or...could this be a bug in the re0 driver?  It's just weird.
>
> James Smallacombe		      PlantageNet, Inc. CEO and Janitor
> up at 3.am							    http://3.am
> =========================================================================
>

James Smallacombe		      PlantageNet, Inc. CEO and Janitor
up at 3.am							    http://3.am
=========================================================================

More information about the freebsd-questions mailing list