Security Incidents mailing list archives
Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File
From: Cy.Schubert () UUMAIL GOV BC CA (Cy Schubert - ITSD Open Systems Group)
Date: Fri, 21 Jan 2000 07:44:47 -0800
In message <NDBBICKKMKKMGELOAGLEEEJMCBAA.mikeyv1970 () snsworld net>, Michael Vaug han writes:
Hello all,
[lines deleted]
Any suggestions for determining the cause? <log> Jan 14 19:14:25 druid /kernel: arp: 10.1.11.32 moved from 00:30:80:1f:60:5f to 00:50:04:6b:ff:bf on x10 Jan 14 19:14:25 druid /kernel: arp: 10.1.11.32 moved from 00:50:04:6b:ff:bf to 00:30:80:1f:60:5f on x10 </log>
Usually this is caused by someone replacing a broken PC or NIC card on your network. As you suggest spoofing or a compromised host may also be the cause, though I'd check out the a new PC first. It takes little time to verify this. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Sun/DEC Team, UNIX Group Internet: Cy.Schubert () uumail gov bc ca ITSD Province of BC "COBOL IS A WASTE OF CARDS."
Current thread:
- Unusual scan pattern Russell Fulton (Jan 18)
- ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Michael Vaughan (Jan 19)
- Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Cy Schubert - ITSD Open Systems Group (Jan 21)
- Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Ex Machina [xm] (Jan 21)
- Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File CyberPsychotic (Jan 21)
- Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Dug Song (Jan 22)
- Re: Unusual scan pattern Granquist, Lamont (Jan 19)
- Slow scan Mixmaster (Jan 19)
- Re: Unusual scan pattern Richard Bejtlich (Jan 20)
- Re: Unusual scan pattern Kevin Houle (Jan 20)
- Re: Unusual scan pattern Russell Fulton (Jan 23)
- semi careful, very patient attacker Jon Paul, Nollmann (Jan 24)
- <Possible follow-ups>
- Re: Unusual scan pattern Oliver Friedrichs (Jan 19)
(Thread continues...)
- ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Michael Vaughan (Jan 19)