 From:  Rolf Kutz <kutz at netcologne dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Logs spammed...
 Date:  Fri, 27 Jan 2006 12:56:07 +0100
* Quoting M.Schloeder (Zeitdienst W.Sorge) (schloeder at zeitdienst dot de):

> Jan 27 11:54:48 m0n0wall /kernel: arp: 192.168.0.110 moved from 
> 00:07:e9:3f:e9:89 to 00:07:e9:3f:e9:88 on rl0
> Jan 27 11:54:49 m0n0wall /kernel: arp: 192.168.0.110 moved from 
> 00:07:e9:3f:e9:88 to 00:07:e9:3f:e9:89 on rl0
> Jan 27 11:55:01 m0n0wall /kernel: arp: 192.168.0.110 moved from 
> 00:07:e9:3f:e9:89 to 00:07:e9:3f:e9:88 on rl0
> Jan 27 11:55:01 m0n0wall /kernel: arp: 192.168.0.110 moved from 
> 00:07:e9:3f:e9:88 to 00:07:e9:3f:e9:89 on rl0
> Jan 27 11:51:31 m0n0wall last message repeated 3 times
> 
> I got this nearly every 10 seconds in the logfiles. What is going on?

Could be a broken NIC or some other weird network
problem. Could also be somebody trying to do ARP
spoofing (but it's unlikely just to change one bit
for that) or two NICs using the same IP on the
network. Close MAC addresses are sometimes used in
routers. Try to identify the machine and look at
the logs there.

- Rolf
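
Added example, not part of the original post: a small triage script that groups the kernel's "arp: ... moved from ... to ..." messages by IP and interface, counts how often the address flaps back, and applies the heuristic from the reply (near-identical MACs point to one device with several interfaces, unrelated MACs to a duplicate IP or ARP spoofing). The sample log is constructed from the lines quoted above plus one invented entry, and the function name and the "span below 16" threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: three lines modelled on the quoted log, one invented entry.
SAMPLE_LOG = """\
Jan 27 11:54:48 m0n0wall /kernel: arp: 192.168.0.110 moved from 00:07:e9:3f:e9:89 to 00:07:e9:3f:e9:88 on rl0
Jan 27 11:54:49 m0n0wall /kernel: arp: 192.168.0.110 moved from 00:07:e9:3f:e9:88 to 00:07:e9:3f:e9:89 on rl0
Jan 27 11:55:01 m0n0wall /kernel: arp: 192.168.0.110 moved from 00:07:e9:3f:e9:89 to 00:07:e9:3f:e9:88 on rl0
Jan 27 11:55:02 m0n0wall /kernel: arp: 192.168.0.20 moved from 00:11:22:33:44:55 to 02:aa:bb:cc:dd:ee on rl0
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
MOVED = re.compile(
    rf"arp: (?P<ip>\d+\.\d+\.\d+\.\d+) moved from (?P<old>{MAC}) "
    rf"to (?P<new>{MAC}) on (?P<ifname>\S+)",
    re.IGNORECASE,
)

def mac_int(mac):
    """Convert aa:bb:cc:dd:ee:ff to an integer so addresses can be compared."""
    return int(mac.replace(":", ""), 16)

def summarize(log_text):
    """Group 'moved from' events by (ip, interface) and classify the MAC set."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = MOVED.search(line)
        if m:
            events[(m["ip"], m["ifname"])].append((m["old"].lower(), m["new"].lower()))
    report = {}
    for key, moves in events.items():
        macs = sorted({mac for pair in moves for mac in pair}, key=mac_int)
        same_oui = len({mac[:8] for mac in macs}) == 1
        span = mac_int(macs[-1]) - mac_int(macs[0])
        # Heuristic (threshold is an assumption): same vendor prefix and
        # near-consecutive addresses suggest one device with several ports.
        if same_oui and span < 16:
            verdict = "adjacent MACs: likely one device with several interfaces"
        else:
            verdict = "unrelated MACs: check for duplicate IP or ARP spoofing"
        # A flap is a move whose target is the MAC the previous move came from.
        flaps = sum(1 for i in range(1, len(moves)) if moves[i][1] == moves[i - 1][0])
        report[key] = {"macs": macs, "moves": len(moves), "flaps": flaps, "verdict": verdict}
    return report

if __name__ == "__main__":
    for (ip, ifname), info in summarize(SAMPLE_LOG).items():
        print(ip, ifname, info)
```

Either verdict is only a starting point: the MACs it lists are what to look up in the switch's forwarding table or DHCP leases to find the machine.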