[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


some really good ideas here (and one scary one), but I think I got 
it figured out. the dchp client made me wonder, since I don't run 
telnetd, ftpd (i do run ssh, but while my system is 3.5, I've 
tried to stay on top of sshd).  

I isolated it to my son's somewhat new iMac.  I just booted it, 
and sure enough a new entry showed up as if on queue.  and the 
first entry coincides with it's arrival to the network.   it's 
got an assigned internal ip, not sure why it would be doing something with 
dchp.  time to revisist the network settings.

it's running os 9.2, perhaps it's time to upgrade to the bsd version :-)

thank you all for the great input


On Mon, Jan 14, 2002 at 10:11:01AM -0800, Brooks Davis wrote:
> On Sun, Jan 13, 2002 at 10:06:06PM -0800, Ward Kaatz wrote:
> > greetings...just found this last night in my /var/log/messages, I am not sure what this is.
> > 
> > Have I possibly been compromised? note that the box this messages exists on is a net/firewall box, dsl connected. my version is: 3.5-STABLE.
> > 
> > thanks!
> > ward
> > 
> > 
> > Jan 12 20:42:59 darkstar /kernel: arp: 00:03:93:49:ec:74 is using my IP address
> >!
> > Jan 12 20:43:04 darkstar last message repeated 3 times
> > Jan 13 17:01:00 darkstar /kernel: arp: 00:03:93:49:ec:74 is using my IP address
> >!
> > Jan 13 17:01:06 darkstar last message repeated 3 times       
> If you have an interface with the address (often happens if
> dhclient is run incorrectly as with older version of FreeBSD like 3.5) you
> would see these every time someone on your segment makes a dhcp request.
> Arguably this is a bug in the arp warning.
> -- Brooks
> -- 
> Any statement of the form "X is the one, true Y" is FALSE.
> PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4