IP address impersonation
- From: Robin Becker <robin@xxxxxxxxxxxxx>
- Date: Thu, 28 Sep 2006 22:53:36 +0000
We have a remotely hosted 6.0 server that has apparently been impersonated by a colocated server. The provider allows root access and we have set up our server from a base 6.0 installation. We were allocated an ip address and mostly we have had a good experience with this setup. However, twice in three weeks we have had difficulty in logging in and have had to crash boot the server. Analysis of the logs revealed that another machine on the hoster's network had assigned itself our ip address. Even when we provided the suspect mac address it seemed the hoster had trouble in finding out/appreciating what the problem was.
I have little experience of this sort of thing, but can anyone else offer some advice on
1) is this a recognized form of attack? I can see that it could be used for password harvesting and traffic interception, but are there other implications.
2) Are there ways to mitigate this kind of problem? We have other hosted servers on machines with similar (root) access. They presumably could also be impersonated. We found this out by inspection of our own log files; could the provider be doing something more to prevent this?
--
Robin Becker
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: IP address impersonation
- From: Erik Norgaard
- Re: IP address impersonation
- From: Derek Ragona
- Re: IP address impersonation
- Prev by Date: ENABLE_SUID_K5SU and ksu behavior
- Next by Date: Re: buildworld upgrading advise please.
- Previous by thread: ENABLE_SUID_K5SU and ksu behavior
- Next by thread: Re: IP address impersonation
- Index(es):
Relevant Pages
|
|
