RE: Kernel log message

From: Alex Pavlovic (alex.pavlovic@corp-x.com)
Date: 10/13/02 

From: "Alex Pavlovic" <alex.pavlovic@corp-x.com>
To: "FreeBSD Security" <freebsd-security@FreeBSD.ORG>
Date: Sat, 12 Oct 2002 22:51:55 -0700

Hi,

There is always a possibility of someone or something performing arp
manipulation in order to redirect the lan traffic. Some common techniques
that come to mind are: MAC spoofing which is efficient against CAM
tables found in switches ( If you are running a switched network )
and ARP spoofing / cache poisoning which might apply to you.
Attacks that can be performed with these range from sniffing to
proxying, MiM, DoS to escaping firewalls. Recently for example certain
data has been published about intreception of ssl traffic
and attack against Microsoft IE certificates. 

--
Alex Pavlovic 
Founder and CTO
Corp-X Solutions
http://www.corp-x.com
>  -----Original Message-----
> From: 	owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG] 
> Sent:	Saturday, October 12, 2002 5:38 PM
> To:	FreeBSD Security
> Subject:	Kernel log message
> 
> 
> 	Could someone explain to me what the following log message means:
> 
> 	disco.wwallace.net kernel log messages:
> 	> arp: 192.168.100.2 moved from 00:20:78:0d:5a:7f to
> 00:00:78:0d:5a:7f on de0
> 	> Oct  5 08:03:57 disco /kernel: arp: 192.168.100.2 moved from
> 00:20:78:0d:5a:7f to 00:00:78:0d:5a:7f on de0
> 	
> 	The machine in question (192.168.100.2) is a Windows 2000 machine
> that has had the same NIC for years.  Also, only one of the digits in the
> MAC address seems to have changed.  What could cause this?
> 
> 	Thanks,
> 	- William.
> 
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message