Unknown IP address shows FreeBSD server MAC in arp cache
kayasaman at gmail.com
Thu Apr 25 01:52:24 UTC 2013
I'm experiencing a weird problem and I have no idea where to begin with
Basically what's happening is that I did a host scan from my NetBSD box
running Cacti in order to 'Auto Discover' machines on my network; a php
script on the Cacti server added an IP address xxx.xxx.1.52.
Seeing this as odd since I haven't configured any machine with this IP
as it's in the DHCP range on my network and there aren't any machines
running on DHCP on the particular VLAN either as everything is
statically configured; I proceeded to check the arp cache of my NetBSD
box which pointed to the MAC address of my FreeBSD server?
Having a look round my network and servers each ping attempt to
xxx.xxx.1.52 gives me a response and in the arp cache of each
machine/device shows the FreeBSD server.
Long ago I may have had this machine on xxx.xxx.1.52 but I can't recall
and all settings in /etc/rc.conf for interfaces and Jails are fine and
consistent with my Network Spec. My network has also had a massive
overhaul since then as I've changed switches and router in the meantime
I have thought about arp poisoning but then again no other machine is
connected to my network that I don't know about and since it's a home
network there's really only me connected to it. Also I'm running OpenBSD
as a firewall/router gateway which I've also checked thoroughly
including Packet Filter and haven't found any issues.
I also thought about RARP and bootparamd since I'm running a bunch of
Sun SPARC systems in which I NetBooted but nothing on that front either
showed any result. I additionally have checked the /etc/hosts files of
all my systems and even my local DNS db files but nothing shows
xxx.xxx.1.52 at all.
The BSD version that I'm running on my FreeBSD server is 8.2 x64.
Would anyone be able to help me out with this one?
Basically why is a rogue or unknown IP address pointing to my FreeBSD
More information about the freebsd-questions