-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi folks, One of the members of our staff has a Redhat 6.0 box on our network for his personal use. (Yes, I am having him upgrade to SuSE ASAP...). Recently some people noticed IP conflicts on the subnet... and it turns out that his box had bound all available IPs in that subnet to itself. The owner of the box swears he didn't do any "root level" operations preceeding the event, and I believe him. The questions I have are: could this possibly happen on its own? And, baring that, what kind of exploit would utilize this? Is this evidence of a packet sniffer? Does anyone have any epxerience with this kind of thing? I post this here, rather than the Redhat list, since the level of security awareness is far greater with the SuSE folk. I hope someone can clue me in on this issue. __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: OpenPGP Encrypted Email Preferred. iD8DBQE4sN1gPYrxsgmsCmoRAiTwAKDAh7gh/w5UHuZVU49GMGC7L6ZOUgCg1xLO etWUo2EU8pZ0QnmW31EJrIA= =tgjJ -----END PGP SIGNATURE-----