[wplug] What Does This SYSLOG Entry Mean?

Richard A. Bilonick rabil at home.com
Tue Jan 16 16:02:56 EST 2001


Robert Dale wrote:

> On Tue, 16 Jan 2001 jmh3 at linuxfreak.com wrote:
>
> > > > > Jan 16 09:02:19 6R:c1087015-a.baden1.pa.home.com 0312 400 DHCP SERVER
> > > > > Offered        | Offering: 10.0.1.2  To: 003065112234  By: 24.23.99.148
> > > > are you running dhcp on your firewall gateway for computers behind the
> > > > firewall?
> > >
> > > Precisely.  003065112234 is Rick's MAC address.  24.23.99.148 is one of
> > > @Home's DHCP servers.
> >
> > isn't c1087015-a.baden1.pa.home.com Rick's computer (from the log entry)?
> > the IP address 24.23.99.148 resolves to that domain name. if that is the
> > case it would seem that his computer is serving out IPs in the 10.x.x.x
> > subnet right?
>
> Right.  I was still looking at the netstat entry.
>
> It does indeed look like he's the one offering IPs.  003065112234 must be
> the requester's MAC.  Rick, what does `/sbin/ifconfig | grep HWaddr` give
> you?
>
> --
> Robert Dale
>

I don't believe I'm running DHCP (bootp?), but I will check.
c1087015-a.baden1.pa.home.com is not my computer. My guess is that it is an @Home
server offering me an IP, but I want to make sure. Since this possible use of my
computer's sendmail relaying spam, I want to make sure I understand these entries.

`/sbin/ifconfig | grep HWaddr` doesn't work, but

c56321-a 4# ifconfig ec0
ec0: flags=400c43<UP,BROADCAST,RUNNING,FILTMULTI,MULTICAST,IPALIAS>
        inet 24.1.43.34 netmask 0xfffff800 broadcast 192.168.0.1

I hope this doesn't help any hackers.

I checked /etc/inetd.conf and "bootp" is commented out.

Thanks.

Rick



