[55579] in Hotline Meeting


m66-080-18 address theft

daemon@ATHENA.MIT.EDU (Jonathon Weiss)
Wed Jul 11 08:19:03 2001

Message-Id: <200107110016.UAA02440@localhost>
From: Jonathon Weiss <jweiss@MIT.EDU>
To: hotline@MIT.EDU
Date: Tue, 10 Jul 2001 20:12:43 -0400


Note: m66-080-18 working "right now" does *not* mean that the
following problem has been fixed.

I noticed that m66-080-18 has been logging the following on and off
for weeks:

Jul 10 13:05:37 m66-080-18.mit.edu unix: WARNING: IP: Hardware address '00:01:03:27:03:cc' trying to be our address 018.063.001.018!

When I looked for the offending machine, I only found it on the
entry repeater:

Could not contact device CHEME-REP-1
Could not contact device CHEME-REP-2
Could not contact device CHEME-REP-3
Could not contact device M66-110-AP-2
Found on 3/12@M66-351T-SW-ENTRY

Presumably the offending device was either off at the time (possible
since m66-080-18 was working) or the offending device was off of one
of the uncontactable repeaters.

For the record, I confirmed that m66-080-18 is definitely
08:00:20:B0:9A:97, and that the MAC above is the rogue one.

I suspect you'll need help from the vdist or net-sec folks dealing
with this, but figured I'd get you the information I had.


	Jonathon
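
Added example, not part of the original message: a Python script that scans syslog text for the duplicate-address warning quoted above, normalizes the zero-padded IP and the MAC, and reports first and last sighting per claimant MAC, which helps show whether a conflict recurs "on and off". The function names, the KNOWN_MACS table layout, and sample lines 2 and 3 are constructed for illustration.

```python
import re

# Hosts' own MACs; this entry is the one confirmed in the message.
KNOWN_MACS = {"m66-080-18.mit.edu": "08:00:20:B0:9A:97"}

# Line 1 is quoted from the message; lines 2 and 3 are constructed.
SAMPLE_LOG = """\
Jul 10 13:05:37 m66-080-18.mit.edu unix: WARNING: IP: Hardware address '00:01:03:27:03:cc' trying to be our address 018.063.001.018!
Jul 10 13:05:40 m66-080-18.mit.edu unix: NOTICE: unrelated message
Jul 10 14:11:02 m66-080-18.mit.edu unix: WARNING: IP: Hardware address '0:1:3:27:3:cc' trying to be our address 018.063.001.018!
"""

PATTERN = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s.*"
    r"Hardware address '(?P<mac>[0-9A-Fa-f:]+)' "
    r"trying to be our address (?P<ip>[\d.]+)!"
)

def norm_mac(mac):
    """Lower-case and zero-pad each octet so 0:1:3 and 00:01:03 compare equal."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def norm_ip(ip):
    """The warning zero-pads octets (018.063.001.018); read them as decimal."""
    return ".".join(str(int(octet, 10)) for octet in ip.split("."))

def find_conflicts(log_text, known_macs):
    """Map (host, ip, claimant MAC) -> first/last timestamp and count."""
    own = {h: norm_mac(m) for h, m in known_macs.items()}
    hits = {}
    for line in log_text.splitlines():
        m = PATTERN.match(line)
        if not m:
            continue
        mac = norm_mac(m["mac"])
        if own.get(m["host"]) == mac:
            continue  # the host's own interface, not a conflict
        key = (m["host"], norm_ip(m["ip"]), mac)
        entry = hits.setdefault(key, {"first": m["ts"], "last": m["ts"], "count": 0})
        entry["last"] = m["ts"]
        entry["count"] += 1
    return hits

if __name__ == "__main__":
    for (host, ip, mac), e in find_conflicts(SAMPLE_LOG, KNOWN_MACS).items():
        print(f"{host} {ip} claimed by {mac}: {e['count']}x, {e['first']} .. {e['last']}")
```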
