[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[afnog] [Fwd: mail.one2net.co.ug security run output]
- To: afnog at afnog.org
- Subject: [afnog] [Fwd: mail.one2net.co.ug security run output]
- From: Patrick Okui <pokui at one2net.co.ug>
- Date: 19 Aug 2003 09:44:42 +0300
- Content-Transfer-Encoding: 7bit
- Content-Type: text/plain
- Delivered-To: afnog-archive at lists.eahd.or.ug
- Delivered-To: afnog at afnog.org
- List-Archive: <http://listserv4.cfi.co.ug/pipermail/afnog>
- List-Help: <mailto:afnog-request at afnog.org?subject=help>
- List-Id: The AfNOG general discussion list <afnog.afnog.org>
- List-Post: <mailto:afnog at afnog.org>
- List-Subscribe: <http://listserv4.cfi.co.ug/mailman/listinfo/afnog>,<mailto:afnog-request at afnog.org?subject=subscribe>
- List-Unsubscribe: <http://listserv4.cfi.co.ug/mailman/listinfo/afnog>,<mailto:afnog-request at afnog.org?subject=unsubscribe>
- Organization: One2Net (U) Ltd
- Sender: afnog-bounces at afnog.org
Got this in my logs... I can't seem to trace the renegade MAC address.
Any reason this would happen the 216.250.215.15 should be a broadcast
for one of my small services shouldn't it? Any clues on how to debug
this?
-----Forwarded Message-----
From: Charlie Root <root at mail.one2net.co.ug>
To: root at mail.one2net.co.ug
Subject: mail.one2net.co.ug security run output
Date: 19 Aug 2003 03:01:03 +0300
<snip>
mail.one2net.co.ug kernel log messages:
> arp: 00:50:ba:8c:57:e1 attempts to modify permanent entry for 216.250.215.15 on rl0
> arp: 00:50:ba:8c:57:e1 attempts to modify permanent entry for 216.250.215.15 on rl0
> arp: 00:50:ba:8c:57:e1 attempts to modify permanent entry for 216.250.215.15 on rl0
> arp: 00:50:ba:8c:57:e1 attempts to modify permanent entry for 216.250.215.15 on rl0
> arp: 00:50:ba:8c:57:e1 attempts to modify permanent entry for 216.250.215.15 on rl0
> arp: 00:50:ba:8c:57:e1 attempts to modify permanent entry for 216.250.215.15 on rl0
> arp: 00:50:ba:8c:57:e1 attempts to modify permanent entry for 216.250.215.15 on rl0
mail.one2net.co.ug login failures:
mail.one2net.co.ug refused connections:
-- End of security output --
the commands below give...
mail# arp -a
? (216.250.215.9) at 00:d0:ba:58:ee:e0 on rl0 [ethernet]
ns.one2net.co.ug (216.250.215.10) at 00:50:ba:85:ca:82 on rl0 [ethernet]
? (216.250.215.15) at ff:ff:ff:ff:ff:ff on rl0 permanent [ethernet]
mail# netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 216.250.215.9 UGSc 15 3424 rl0
127.0.0.1 127.0.0.1 UH 0 45082 lo0
216.250.215.8/29 link#1 UC 3 0 rl0
216.250.215.9 00:d0:ba:58:ee:e0 UHLW 16 0 rl0 617
216.250.215.10 00:50:ba:85:ca:82 UHLW 0 228 rl0 1191
216.250.215.15 ff:ff:ff:ff:ff:ff UHLWb 0 22 rl0
__________________________________________________
This is the Africa Network Operators' Group(AfNOG)
technical discussion list.
The AfNOG website is: <http://www.afnog.org>