RE: Kernel log message

From: Ian Smith (smithi@nimnet.asn.au)
Date: 10/15/02 

Date: Tue, 15 Oct 2002 14:05:47 +1000 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: William Wallace <ww@austin.rr.com>

On Mon, 14 Oct 2002, William Wallace wrote:

> Thanks to all who replied. Just as an additional interesting piece of
> information: Because the machine in question was in a state that made it
> easy to simply wipe it out and re-install everything from scratch, I decided
> to do just that. Upon reinstalling the OS and rebooting, I got a kernel log
> message in my FreeBSD server that indicated the "opposite" MAC address
> change. It changed from "00:00:78:0d:5a:7f" back to "00:20:78:0d:5a:7f",

That's still a one-bit error. In my humble experience, one-bit errors
are almost invariably hardware. If so, then I guess this is off-topic.

> which is what it was originally. I'm suspicious now of some kind of
> malicious software or something, but it's going to be hard to determine what
> exactly made that happen.

Did you try cleaning the NIC in question, and the computer it lives in?

[..]

> >The machine in question (192.168.100.2) is a Windows 2000 machine that has
> >had the same NIC for years. Also, only one of the digits in the MAC
> >address seems to have changed. What could cause this?
> >
>
> 1) The NIC card could be dieing. "same NIC for years"
> 2) Transmission error of some sort on you LAN
> 3) Problem w/ a packet switch.

Still smells like hardware to me too; fluff and dust can engender such.

Cheers, Ian

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message