[svlug] arpwatch

Alvin Oga alvin at planet.fef.com
Tue Nov 10 18:05:39 PST 1998

hi ya Dave...

thanx for your reply...

> > what does it mean when arpwatch catches and reports
> > a (new) IP#/MAC address of the ethernet cards on
> > our local LAN for domain names we don't support ???
> Huh? Could I see the message that it literally sends root? What is the
> interface of the machine in question connected to?

From arpwatch on chipmunk ( *.41 ):
	- have shitloads of them for each new host found
	- since arpwatch running the first time...
	Return-Path: <root>
	Date: Tue, 10 Nov 1998 04:41:11 -0800
	To: root at chipmunk
	Subject: new station (planet.fef.com)

	            hostname: planet.fef.com
	          ip address:
	    ethernet address: 0:40:5:1b:d7:3c
	     ethernet vendor: TRENDware International Inc.; Linksys; Simple Net; all three reported
	           timestamp: Tuesday, November 10, 1998 4:40:06 -0800

and other NICs/hosts found on the local LAN have our local ip# but
with domain names we do not support...that I know of...

and of course netstat, ls, top, route, ifconfig etc do not show the
"unknown domains"...

> > arpwatch comes by default? on rh-5.2...
> And this is a *big* mistake for cable modem users. You will get a few
> thousand messages to root the first day or so as arpwatch builds its
> database, and probably a few hundred a week as all sorts of ARP oddities
> happen on the network. Unless you are ultra paranoid, arpwatch will drive
> you nuts.

if it reports "new connections"...I don't mind...

it does fill up /var/log/messages... guess we can remove them later...
or disable logging into messages....

I like to know when a new NIC or host is added to the LAN...
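
As an added example (not part of the original post): a Python triage pass over arpwatch "new station" report bodies in the layout quoted above. It pads the MAC octets that arpwatch prints without leading zeros and lists the stations whose hostname falls outside the domains the LAN serves. The `example.com` domain, the sample reports and the function names are constructed for illustration.

```python
import re

LOCAL_DOMAINS = ("example.com",)  # assumption: the domains this LAN serves

# Constructed sample: three report bodies in the layout shown in the post.
# Hostnames, IPs and MACs are made up (documentation ranges).
SAMPLE = """\
Subject: new station (ws1.example.com)
            hostname: ws1.example.com
          ip address: 192.0.2.10
    ethernet address: 0:0:5e:0:53:1
Subject: new station (gw.other.example.net)
            hostname: gw.other.example.net
          ip address:
    ethernet address: 0:0:5e:0:53:2a
Subject: new station
            hostname: <unknown>
          ip address: 192.0.2.77
    ethernet address: 0:0:5e:0:53:b
"""

# "key: value" lines; only the first colon splits, so MACs and times survive.
FIELD = re.compile(r"^[ \t]*([a-z ]+):[ \t]*(.*)$")

def normalize_mac(mac):
    """Pad each octet to two hex digits (arpwatch prints 0:40:5:...)."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def parse_reports(text):
    """Split concatenated report mails into one dict of fields per report."""
    reports, current = [], None
    for line in text.splitlines():
        if line.startswith("Subject:"):
            current = {"event": line[len("Subject:"):].split("(")[0].strip()}
            reports.append(current)
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1).strip()] = m.group(2).strip()
    return reports

def foreign_hosts(reports, local_domains=LOCAL_DOMAINS):
    """Return (mac, ip, hostname) for stations outside the local domains."""
    flagged = []
    for r in reports:
        host = r.get("hostname", "").lower().rstrip(".")
        if not any(host == d or host.endswith("." + d) for d in local_domains):
            mac = normalize_mac(r["ethernet address"])
            flagged.append((mac, r.get("ip address") or None, host))
    return flagged
```

An empty `ip address:` field, as in the report quoted in the post, comes back as `None` rather than being dropped, so the station is still listed by MAC.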


