To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- I remember a bad ethernet adapter doing exactly that. I fixed it overriding the mac-address. If I remember correctly then it was an IBM PS/2 running OS/2.
It was breaking SNA and Novell Netware The real fix was to replace the adapter finally. Kind regards Peter Thomas Anderson (CSO) wrote: > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > ---------- > > > ------------------------------------------------------------------------ > > I've seen problems like this with errors in packet broadcasting from a > particular device. Just not as BIG an error. Check the hostnames of the > PCs in windows, and I am sure they are not philka! There is a > conflicting broadcast packet in one of your devices most likely that the > PCs are picking up on. I've seen this with printers. > > RVaughn wrote: >> To report a botnet PRIVATELY please email: [EMAIL PROTECTED] >> ---------- >> Could this possibly be a switch problem? >> >> Konstantin Barinov wrote: >> >>> To report a botnet PRIVATELY please email: [EMAIL PROTECTED] >>> ---------- >>> >>> >>> ------------------------------------------------------------------------ >>> >>> Hello colleagues >>> >>> Our admins made an interesting discovery today. We have hundreds of client >>> PC's with same hostname >>> "philka". Below a little block from dhcpd log file. Did you see something >>> like this? I doubt all those people >>> changed computer names in Windows manually. >>> >>> -- >>> Konstantin Barinov >>> >>> >>> >>> Dec 14 00:07:56 victor dhcpd: DHCPREQUEST for 172.16.47.25 from >>> 00:19:66:17:0d:da (philka) via vlan15 >>> Dec 14 00:07:56 victor dhcpd: DHCPACK on 172.16.47.25 to 00:19:66:17:0d:da >>> (philka) via vlan15 >>> Dec 14 00:18:01 victor dhcpd: DHCPREQUEST for 172.17.30.203 from >>> 00:13:d4:0f:d2:89 (philka) via vlan45 >>> Dec 14 00:18:01 victor dhcpd: DHCPACK on 172.17.30.203 to 00:13:d4:0f:d2:89 >>> (philka) via vlan45 >>> Dec 14 00:18:03 victor dhcpd: DHCPREQUEST for 172.17.30.203 from >>> 00:13:d4:0f:d2:89 (philka) via vlan45 >>> Dec 14 00:18:03 victor dhcpd: DHCPACK on 172.17.30.203 to 00:13:d4:0f:d2:89 >>> (philka) via vlan45 >>> Dec 14 00:23:50 victor dhcpd: DHCPREQUEST for 172.18.133.113 from >>> 00:40:f4:88:56:94 (philka) via vlan58 >>> Dec 14 00:23:50 victor dhcpd: DHCPACK on 172.18.133.113 to 00:40:f4:88:56:94 >>> (philka) via vlan58 >>> Dec 14 00:24:33 victor dhcpd: DHCPREQUEST for 172.16.60.34 from >>> 00:40:95:32:42:b3 (philka) via vlan17 >>> Dec 14 00:24:33 victor dhcpd: DHCPACK on 172.16.60.34 to 00:40:95:32:42:b3 >>> (philka) via vlan17 >>> Dec 14 00:31:50 victor dhcpd: DHCPREQUEST for 172.17.21.154 from >>> 00:13:d4:80:27:69 (philka) via vlan44 >>> Dec 14 00:31:50 victor dhcpd: DHCPACK on 172.17.21.154 to 00:13:d4:80:27:69 >>> (philka) via vlan44 >>> Dec 14 00:33:04 victor dhcpd: DHCPREQUEST for 172.16.115.252 from >>> 00:13:8f:59:e5:a1 (philka) via vlan64 >>> Dec 14 00:33:04 victor dhcpd: DHCPACK on 172.16.115.252 to 00:13:8f:59:e5:a1 >>> (philka) via vlan64 >>> Dec 14 00:46:45 victor dhcpd: DHCPREQUEST for 172.18.131.82 from >>> 00:50:22:e8:65:41 (philka) via vlan58 >>> Dec 14 00:46:45 victor dhcpd: DHCPACK on 172.18.131.82 to 00:50:22:e8:65:41 >>> (philka) via vlan58 >>> Dec 14 00:47:19 victor dhcpd: DHCPOFFER on 172.16.80.36 to 00:0e:2e:36:df:9b >>> (philka) via vlan20 >>> Dec 14 00:47:22 victor dhcpd: DHCPDISCOVER from 00:0e:2e:36:df:9b (philka) >>> via vlan20 >>> Dec 14 00:47:22 victor dhcpd: DHCPOFFER on 172.16.80.36 to 00:0e:2e:36:df:9b >>> (philka) via vlan20 >>> Dec 14 00:47:22 victor dhcpd: DHCPDISCOVER from 00:0e:2e:36:df:9b (philka) >>> via vlan20 >>> Dec 14 00:47:22 victor dhcpd: DHCPOFFER on 172.16.80.36 to 00:0e:2e:36:df:9b >>> (philka) via vlan20 >>> Dec 14 00:47:22 victor dhcpd: DHCPREQUEST for 172.16.80.36 (172.16.80.8) >>> >from 00:0e:2e:36:df:9b (philka) via vlan20 >>> Dec 14 00:47:22 victor dhcpd: DHCPACK on 172.16.80.36 to 00:0e:2e:36:df:9b >>> (philka) via vlan20 >>> Dec 14 00:47:22 victor dhcpd: DHCPREQUEST for 172.16.80.36 (172.16.80.8) >>> >from 00:0e:2e:36:df:9b (philka) via vlan20 >>> Dec 14 00:47:22 victor dhcpd: DHCPACK on 172.16.80.36 to 00:0e:2e:36:df:9b >>> (philka) via vlan20 >>> Dec 14 00:47:23 victor dhcpd: DHCPREQUEST for 172.17.21.154 from >>> 00:13:d4:80:27:69 (philka) via vlan44 >>> Dec 14 00:47:23 victor dhcpd: DHCPACK on 172.17.21.154 to 00:13:d4:80:27:69 >>> (philka) via vlan44 >>> Dec 14 00:53:03 victor dhcpd: DHCPDISCOVER from 00:0e:2e:36:df:9b (philka) >>> via vlan20 >>> >>> >>> >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> To report a botnet PRIVATELY please email: [EMAIL PROTECTED] >>> All list and server information are public and available to law enforcement >>> upon request. >>> http://www.whitestar.linuxbox.org/mailman/listinfo/botnets >>> >> >> _______________________________________________ >> To report a botnet PRIVATELY please email: [EMAIL PROTECTED] >> All list and server information are public and available to law enforcement >> upon request. >> http://www.whitestar.linuxbox.org/mailman/listinfo/botnets >> >> >> >> > > -- > Thomas Anderson > Chief Security Officer > Tel: 678-531-3367 > Email: [EMAIL PROTECTED] > Web: www.stopddos.org > > > ------------------------------------------------------------------------ > > _______________________________________________ > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > All list and server information are public and available to law enforcement > upon request. > http://www.whitestar.linuxbox.org/mailman/listinfo/botnets -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: [EMAIL PROTECTED] http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ http://www.cesidianroot.com/ _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets