Stopping ARP messages

John Murphy jfm at blueyonder.co.uk
Sun Sep 1 03:32:49 BST 2002


Jeff LaCoursiere <jeff at jeff.net> wrote:

>I don't get it - is BY bridging?  Why would you see multiple mac addresses
>locally?  Its not something on your local LAN?

I don't either.  I started seeing the messages immediately after the local
UBR was 'upgraded'.  I asked in one of their support newsgroups but didn't
receive a valid answer.  62.31.198.1 is DHCP assigned as the router, though
all traceroutes show an RFC1918 address as the first hop (10.48.128.1).
The router address never appears in a traceroute!

Paul Civati <paul at xciv.org> wrote:

>Personally I would probably comment the line(s) out of the kernel source
>and build a new kernel if it was bothering me that much, and leave my
>syslog as is, so that I see other kernel level errors/warnings.

It doesn't really bother me much either, it's just a bit annoying 'cause
sometimes there's something possibly important embedded within the noise
and I just skip past it.  I don't use the console at all, so I don't see
the messages there, but they fill /var/log/messages and the security
check output. eg (as it's just after 3am):

Message 1:
>From root Sun Sep  1 03:01:36 2002
Date: Sun, 1 Sep 2002 03:01:06 +0100 (BST)
From: Charlie Root <root>
Subject: wall.my.domain security check output
To: undisclosed-recipients:;

Checking setuid files and devices:


Checking for uids of 0:
root 0
toor 0


Checking for passwordless accounts:


wall.my.domain kernel log messages:
>
> arp: 62.31.198.1 moved from 00:d0:ba:32:1e:54 to 00:d0:ba:32:1e:70 on ed0
> Aug 31 03:29:21 wall /kernel: arp: 62.31.198.1 moved from 00:d0:ba:32:1e:=
54 to 00:d0:ba:32:1e:70 on ed0
> arp: 62.31.198.1 moved from 00:d0:ba:32:1e:70 to 00:d0:ba:32:1e:54 on ed0
> Aug 31 03:29:22 wall /kernel: arp: 62.31.198.1 moved from 00:d0:ba:32:1e:=
70 to 00:d0:ba:32:1e:54 on ed0
> arp: 62.31.198.1 moved from 00:d0:ba:32:1e:54 to 00:d0:ba:32:1e:70 on ed0
> Aug 31 07:28:21 wall /kernel: arp: 62.31.198.1 moved from 00:d0:ba:32:1e:=
54 to 00:d0:ba:32:1e:70 on ed0
> arp: 62.31.198.1 moved from 00:d0:ba:32:1e:70 to 00:d0:ba:32:1e:54 on ed0
> Aug 31 07:28:21 wall /kernel: arp: 62.31.198.1 moved from 00:d0:ba:32:1e:=
70 to 00:d0:ba:32:1e:54 on ed0
> arp: 62.31.198.1 moved from 00:d0:ba:32:1e:54 to 00:d0:ba:32:1e:70 on ed0
> Aug 31 11:27:21 wall /kernel: arp: 62.31.198.1 moved from 00:d0:ba:32:1e:=
54 to 00:d0:ba:32:1e:70 on ed0
> arp: 62.31.198.1 moved from 00:d0:ba:32:1e:70 to 00:d0:ba:32:1e:54 on ed0
> Aug 31 11:27:22 wall /kernel: arp: 62.31.198.1 moved from 00:d0:ba:32:1e:=
70 to 00:d0:ba:32:1e:54 on ed0
> Aug 31 16:39:58 wall su: john to root on /dev/ttyp0
> arp: 62.31.198.1 moved from 00:d0:ba:32:1e:54 to 00:d0:ba:32:1e:70 on ed0
> Aug 31 18:53:21 wall /kernel: arp: 62.31.198.1 moved from 00:d0:ba:32:1e:=
54 to 00:d0:ba:32:1e:70 on ed0
> arp: 62.31.198.1 moved from 00:d0:ba:32:1e:70 to 00:d0:ba:32:1e:54 on ed0
> Aug 31 18:53:22 wall /kernel: arp: 62.31.198.1 moved from 00:d0:ba:32:1e:=
70 to 00:d0:ba:32:1e:54 on ed0
> arp: 62.31.198.1 moved from 00:d0:ba:32:1e:54 to 00:d0:ba:32:1e:70 on ed0
> arp: 62.31.198.1 moved from 00:d0:ba:32:1e:70 to 00:d0:ba:32:1e:54 on ed0
> Aug 31 22:52:21 wall /kernel: arp: 62.31.198.1 moved from 00:d0:ba:32:1e:=
54 to 00:d0:ba:32:1e:70 on ed0
> Aug 31 22:52:21 wall /kernel: arp: 62.31.198.1 moved from 00:d0:ba:32:1e:=
70 to 00:d0:ba:32:1e:54 on ed0
> arp: 62.31.198.1 moved from 00:d0:ba:32:1e:54 to 00:d0:ba:32:1e:70 on ed0
> Sep  1 02:51:21 wall /kernel: arp: 62.31.198.1 moved from 00:d0:ba:32:1e:=
54 to 00:d0:ba:32:1e:70 on ed0
> arp: 62.31.198.1 moved from 00:d0:ba:32:1e:70 to 00:d0:ba:32:1e:54 on ed0
> Sep  1 02:51:21 wall /kernel: arp: 62.31.198.1 moved from 00:d0:ba:32:1e:=
70 to 00:d0:ba:32:1e:54 on ed0
--=20
Thanks
John




More information about the Ukfreebsd mailing list