budsz napsal/wrote, On 04/12/08 01:58:
> I got movement ARP entry to other MAC ADDR
> on the same IP ADDR. Everyone know what happen is? Is
that ARP
> Poisoning.
Not necessary. It may be misconfigured computer (configured
statically
to use an address assigned to another computer). Or there
may be an
unauthorized DHCP server - for example misconfigured Windows
with two or
more NICs may run one causing the IP conflicts. Yes, it may
be
intentional attack also.
How to resolve ? You need to found the source of problem
and disconnect
it. If it is misconfiguration, you may identify the computer
via MAC. If
it is attack and your LAN is not so large, you may try to
disconnect
parts of them - when problem disappear you know the segment
of the
computer you are searching for.
If your LAN isn't small you need to consult your switches
from where
the attacker MAC come. You can't build reliable large LAN
with dumb
switches, so I'm sure you have smart switches on your LAN.
But it seems to me your question has nothing to do with
FreeBSD with
the exception that there is one computer with FreeBSD
connected to
problematic LAN.
Dan
_______________________________________________
freebsd-security freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-secu
rity
To unsubscribe, send any mail to
"freebsd-security-unsubscribefreebsd.org"
|
