Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File
Subject: Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File
From: netadmin (netadmin TRISTARONLINE.COM)
Date: Wed Jan 19 2000 - 04:19:08 CST
There is a chance that someone is trying to run an ICMP Redirect bomb. The
hacker could fool your system into thinking that his machine is one of your
ISP's machines. There should be a patch out to resolve this issue.
Tim
-----Original Message-----
From: Michael Vaughan [mailto:mikeyv1970 SNSWORLD.NET]
Sent: Wednesday, January 19, 2000 4:29 AM
To: win2ksecadvice LISTSERV.NTSECURITY.NET
Subject: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File
Hello all,
Below is the log file from a Unix server that appears
to have logged the fact that an NT 4.0 DNS server's MAC
address decided to change.
This is the second time this has happened within a
month. The first involved a change for six minutes
(around mid...no one on campus) This time...0-1 second.
This is what I am initially recommending...
1) A scan of EVERY device connected to the network to
determine MAC addresses. This would be done more than
once of course.
Compare to see if any match the detected address.
2) Use a 'sniffer' to monitor the network for this MAC
address (if not initially found) henceforth...and to
monitor for any 'suspicious' activity.
What I am attempting to do is determine if this is
simply a node MAC address conflict (possible) or a
spoofing attack.
This could be something innocuous or an attack....any
suggestions for determining the cause?
<log>
Jan 14 19:14:25 druid /kernel: arp: 10.1.11.32 moved
from 00:30:80:1f:60:5f to 00:50:04:6b:ff:bf on x10
Jan 14 19:14:25 druid /kernel: arp: 10.1.11.32 moved
from 00:50:04:6b:ff:bf to 00:30:80:1f:60:5f on x10
</log>
X10 is my NIC for those newbies
Thanks in advance for any suggestions!!!!
Respectfully,
-Michael Vaughan
Microsoft Certified Systems Engineer
ICQ: 20031116
-"Sic pas pacem, para bellum"
-If you desire peace, prepare for war
_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listserv listserv.ntsecurity.net
_____________________________________________________________________
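An added example, not part of either message: one way to automate the comparison Michael describes in step 1, pairing each "moved from" entry with its reversal and looking up the transient MAC in a scan inventory. The third log entry, the INVENTORY table, the 600-second pairing window and the year default are assumptions made for illustration.

```python
import re
from datetime import datetime
MOVE_RE = re.compile(
    r"(\w{3}\s+\d+ [\d:]{8}) \S+ /kernel: arp: (\S+) moved from "
    r"([0-9a-f:]{17}) to ([0-9a-f:]{17}) on (\S+)$")

# First two entries: the log quoted in the message, re-joined to one line each.
# Third entry and INVENTORY are constructed for illustration.
SAMPLE_LOG = """\
Jan 14 19:14:25 druid /kernel: arp: 10.1.11.32 moved from 00:30:80:1f:60:5f to 00:50:04:6b:ff:bf on x10
Jan 14 19:14:25 druid /kernel: arp: 10.1.11.32 moved from 00:50:04:6b:ff:bf to 00:30:80:1f:60:5f on x10
Jan 15 08:02:11 druid /kernel: arp: 10.1.11.40 moved from 00:a0:c9:11:22:33 to 00:a0:c9:44:55:66 on x10
"""
INVENTORY = {  # constructed scan result: MAC -> device that normally owns it
    "00:30:80:1f:60:5f": "nt-dns 10.1.11.32",
    "00:50:04:6b:ff:bf": "lab-pc-07 10.1.11.87",
}

def parse_moves(text, year=2000):
    """Return (time, ip, old_mac, new_mac, iface) for each 'moved from' entry."""
    moves = []
    for line in text.splitlines():
        m = MOVE_RE.match(line.strip())
        if m:  # syslog omits the year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            moves.append((ts, *m.groups()[1:]))
    return moves

def find_flaps(moves, window_s=600):
    """Pair an A->B move with a B->A move for the same IP within window_s."""
    flaps, pending = [], {}
    for ts, ip, old, new, _iface in moves:
        prev = pending.pop(ip, None)
        gap = (ts - prev[0]).total_seconds() if prev else None
        if prev and (prev[1], prev[2]) == (new, old) and gap <= window_s:
            flaps.append({"ip": ip, "usual": new, "transient": old, "seconds": int(gap)})
        else:  # one-way move so far (NIC swap, or first half of a flap)
            pending[ip] = (ts, old, new)
    return flaps

def report(text, inventory):
    """Name the known owner, if any, of each transient MAC (step 1 above)."""
    flaps = find_flaps(parse_moves(text))
    for f in flaps:
        f["transient_owner"] = inventory.get(f["transient"], "not in inventory")
    return flaps

if __name__ == "__main__":
    for flap in report(SAMPLE_LOG, INVENTORY):
        print(flap)
```

A transient MAC that resolves to a known device is the first place to check for a duplicate static IP; one reported as "not in inventory" is the case for the sniffer watch in step 2.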
This archive was generated by hypermail 2b27 : Wed Jan 19 2000 - 12:30:58 CST